summaryrefslogtreecommitdiffstats
path: root/dom/security/test/unit/test_csp_upgrade_insecure_request_header.js
blob: 8be87323432fdb3f2f211a4df9ee8d7af2e2664f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
var Cu = Components.utils;
var Ci = Components.interfaces;
var Cc = Components.classes;

Cu.import("resource://testing-common/httpd.js");
Cu.import("resource://gre/modules/NetUtil.jsm");
Cu.import("resource://gre/modules/XPCOMUtils.jsm");

var prefs = Cc["@mozilla.org/preferences-service;1"].
              getService(Ci.nsIPrefBranch);

// Since this test creates a TYPE_DOCUMENT channel via javascript, it will
// end up using the wrong LoadInfo constructor. Setting this pref will disable
// the ContentPolicyType assertion in the constructor.
prefs.setBoolPref("network.loadinfo.skip_type_assertion", true);

XPCOMUtils.defineLazyGetter(this, "URL", function() {
  return "http://localhost:" + httpserver.identity.primaryPort;
});

var httpserver =  null;
var channel = null;
var curTest = null;
var testpath = "/footpath";

var tests = [
  {
    description: "should not set request header for TYPE_OTHER",
    expectingHeader: false,
    contentType: Ci.nsIContentPolicy.TYPE_OTHER
  },
  {
    description: "should set request header for TYPE_DOCUMENT",
    expectingHeader: true,
    contentType: Ci.nsIContentPolicy.TYPE_DOCUMENT
  },
  {
    description: "should set request header for TYPE_SUBDOCUMENT",
    expectingHeader: true,
    contentType: Ci.nsIContentPolicy.TYPE_SUBDOCUMENT
  },
  {
    description: "should not set request header for TYPE_IMG",
    expectingHeader: false,
    contentType: Ci.nsIContentPolicy.TYPE_IMG
  },
];

function ChannelListener() {
}

ChannelListener.prototype = {
  onStartRequest: function(request, context) { },
  onDataAvailable: function(request, context, stream, offset, count) {
    do_throw("Should not get any data!");
  },
  onStopRequest: function(request, context, status) {
    var upgrade_insecure_header = false;
    try {
      if (request.getRequestHeader("Upgrade-Insecure-Requests")) {
        upgrade_insecure_header = true;
      }
    }
    catch (e) {
      // exception is thrown if header is not available on the request
    }
    // debug
    // dump("executing test: " + curTest.description);
    do_check_eq(upgrade_insecure_header, curTest.expectingHeader)
    run_next_test();
  },
};

function setupChannel(aContentType) {
  var chan = NetUtil.newChannel({
    uri: URL + testpath,
    loadUsingSystemPrincipal: true,
    contentPolicyType: aContentType
  });
  chan.QueryInterface(Ci.nsIHttpChannel);
  chan.requestMethod = "GET";
  return chan;
}

function serverHandler(metadata, response) {
  // no need to perform anything here
}

function run_next_test() {
  curTest = tests.shift();
  if (!curTest) {
    httpserver.stop(do_test_finished);
    return;
  }
  channel = setupChannel(curTest.contentType);
  channel.asyncOpen2(new ChannelListener());
}

function run_test() {
  // set up the test environment
  httpserver = new HttpServer();
  httpserver.registerPathHandler(testpath, serverHandler);
  httpserver.start(-1);

  run_next_test();
  do_test_pending();
}