summaryrefslogtreecommitdiffstats
path: root/dom/workers/test/serviceworkers/test_csp_upgrade-insecure_intercept.html
blob: fe4cb991cf0c575720546f5d3e96097dd1374b65 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
<!--
  Any copyright is dedicated to the Public Domain.
  http://creativecommons.org/publicdomain/zero/1.0/
-->
<!DOCTYPE HTML>
<html>
<head>
  <title>Test that a CSP upgraded request can be intercepted by a service worker</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<p id="display"></p>
<div id="content">
<iframe></iframe>
</div>
<pre id="test"></pre>
<script class="testbody" type="text/javascript">

  var iframe;
  function runTest() {
    iframe = document.querySelector("iframe");
    iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/register.html";
    window.onmessage = function(e) {
      if (e.data.status == "ok") {
        ok(e.data.result, e.data.message);
      } else if (e.data.status == "registrationdone") {
        iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/embedder.html";
      } else if (e.data.status == "protocol") {
        is(e.data.data, "https:", "Correct protocol expected");
      } else if (e.data.status == "image") {
        is(e.data.data, 40, "The image request was upgraded before interception");
        iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/upgrade-insecure/unregister.html";
      } else if (e.data.status == "unregistrationdone") {
        window.onmessage = null;
        SimpleTest.finish();
      }
    };
  }

  SimpleTest.waitForExplicitFinish();
  onload = function() {
    SpecialPowers.pushPrefEnv({"set": [
      ["dom.serviceWorkers.exemptFromPerDomainMax", true],
      ["dom.serviceWorkers.enabled", true],
      ["dom.serviceWorkers.testing.enabled", true],
      // This is needed so that we can test upgrading a non-secure load inside an https iframe.
      ["security.mixed_content.block_active_content", false],
      ["security.mixed_content.block_display_content", false],
    ]}, runTest);
  };
</script>
</pre>
</body>
</html>