<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>Bug 1139297 - Implement CSP upgrade-insecure-requests directive</title>
  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<iframe style="width:100%;" id="testframe"></iframe>

<script class="testbody" type="text/javascript">

/* Description of the test:
 * We load a page that makes use of the CSP referrer directive as well
 * as upgrade-insecure-requests. The page loads an image over http.
 * The test makes sure the request gets upgraded to https and the
 * correct referrer gets sent.
 */

var tests = [
  {
    query: "test1",
    description: "upgrade insecure request with 'referrer = origin' (CSP in header)",
    result: "http://example.com/"
  },
  {
    query: "test2",
    description: "upgrade insecure request with 'referrer = no-referrer' (CSP in header)",
    result: ""
  },
  {
    query: "test3",
    description: "upgrade insecure request with 'referrer = origin' (Meta CSP)",
    result: "http://example.com/"
  },
  {
    query: "test4",
    description: "upgrade insecure request with 'referrer = no-referrer' (Meta CSP)",
    result: ""
  }
];

var counter = 0;
var curTest;

function loadTestPage() {
  curTest = tests[counter++];
  var src = "http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_referrer.sjs?";
  // append the query
  src += curTest.query;
  document.getElementById("testframe").src = src;
}

function runNextTest() {
  // sends a request to the server which is processed async and returns
  // once the server received the expected image request
  var myXHR = new XMLHttpRequest();
  myXHR.open("GET", "file_upgrade_insecure_referrer_server.sjs?queryresult");
  myXHR.onload = function(e) {
    is(myXHR.responseText, curTest.result, curTest.description);
    if (counter == tests.length) {
      SimpleTest.finish();
      return;
    }
    // move on to the next test by setting off another query request.
    runNextTest();
  }
  myXHR.onerror = function(e) {
    ok(false, "could not query results from server (" + e.message + ")");
    SimpleTest.finish();
  }
  myXHR.send();

  // give it some time and load the testpage
  SimpleTest.executeSoon(loadTestPage);
}

SimpleTest.waitForExplicitFinish();
runNextTest();

</script>
</body>
</html>