Diffstat (limited to 'security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js')
-rw-r--r--security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js22
1 files changed, 22 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
index 4db133e43..c075428ee 100644
--- a/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
+++ b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
@@ -12,6 +12,7 @@
var { ForgetAboutSite } = Cu.import("resource://gre/modules/ForgetAboutSite.jsm", {});
do_register_cleanup(() => {
+ Services.prefs.clearUserPref("security.cert_pinning.hpkp.enabled");
Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
Services.prefs.clearUserPref(
"security.cert_pinning.process_headers_from_non_builtin_roots");
@@ -26,6 +27,7 @@ const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`;
do_get_profile(); // must be done before instantiating nsIX509CertDB
+Services.prefs.setBoolPref("security.cert_pinning.hpkp.enabled", true);
Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
Services.prefs.setBoolPref(
"security.cert_pinning.process_headers_from_non_builtin_roots", true);
@@ -44,6 +46,26 @@ var uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
var sslStatus = new FakeSSLStatus(constructCertFromFile(
"test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem"));
+ // Test that with HPKP disabled, processing HPKP headers results in no
+ // information being saved.
+ add_task(async function() {
+ Services.prefs.setBoolPref("security.cert_pinning.hpkp.enabled", false);
+ sss.processHeader(
+ Ci.nsISiteSecurityService.HEADER_HPKP,
+ uri,
+ GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN,
+ secInfo,
+ 0,
+ Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
+ );
+
+ Services.prefs.setBoolPref("security.cert_pinning.hpkp.enabled", true);
+ Assert.ok(
+ !sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0),
+ "a.pinning.example.com should not be HPKP"
+ );
+ });
+
// Test the normal case of processing HSTS and HPKP headers for
// a.pinning2.example.com, using "Forget About Site" on a.pinning2.example.com,
// and then checking that the platform doesn't consider a.pinning2.example.com
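Review bot: The added task passes `secInfo` to `sss.processHeader`, but the only certificate-status object visible in this hunk's context is `var sslStatus = new FakeSSLStatus(...)`. Unless `secInfo` is defined elsewhere in the file, the call throws a ReferenceError and the task fails before the disabled-pref path is exercised; `sslStatus,` would match the declared variable. The assertion message names `a.pinning.example.com` while `uri` is `https://a.pinning2.example.com`, so a failure would point at the wrong host; `"a.pinning2.example.com should not be HPKP"` fits. Because the assertion is negative, it also passes when the header is rejected for some unrelated reason, so it only shows that the pref gates storage when read together with the following test, which per its comment processes the HPKP header for the same host with pinning enabled.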