Bug 1884921 - Update HTTPS-First Tests to work with new exception behaviour on failiure r=freddyb

These tests would fail if we automatically add a HTTPS-First exception. So this patch either removes those exceptions again throughout the tests, or disables the adding of automatic exceptions via a pref. Differential Revision: https://phabricator.services.mozilla.com/D204757
2024-05-27 18:57:25 +00:00 · 2024-05-27 18:57:25 +00:00 · 893f350260
commit 893f350260
parent 5c6f4170ce
19 changed files with 64 additions and 15 deletions
--- a/browser/components/urlbar/tests/browser/browser_autocomplete_edit_completed.js
+++ b/browser/components/urlbar/tests/browser/browser_autocomplete_edit_completed.js
@ -6,7 +6,12 @@
 */

 add_task(async function () {
-  SpecialPowers.pushPrefEnv({ set: [["browser.urlbar.trimHttps", false]] });
+  SpecialPowers.pushPrefEnv({
+    set: [
+      ["browser.urlbar.trimHttps", false],
+      ["dom.security.https_first_schemeless", false],
+    ],
+  });
  await PlacesUtils.history.clear();

  await PlacesTestUtils.addVisits([
--- a/build/pgo/server-locations.txt
+++ b/build/pgo/server-locations.txt
@ -363,6 +363,7 @@ https://no-suggestion-example.com:443       privileged,cert=badCertDomain

 # testing HTTPS-First doesn't show warning page for bad cert
 http://nocert.example.com:80                    privileged
+http://nocert.example.org:80                    privileged
 http://self-signed.example.com:80               privileged
 http://untrusted.example.com:80                 privileged
 http://untrusted-expired.example.com:80         privileged
--- a/dom/security/test/https-first/browser.toml
+++ b/dom/security/test/https-first/browser.toml
@ -1,4 +1,5 @@
 [DEFAULT]
+support-files = ["head.js"]

 ["browser_beforeunload_permit_http.js"]
 support-files = ["file_beforeunload_permit_http.html"]
--- a/dom/security/test/https-first/browser_beforeunload_permit_http.js
+++ b/dom/security/test/https-first/browser_beforeunload_permit_http.js
@ -201,7 +201,10 @@ async function loadPagesAndUseBackButton() {
      info("Clicking back button");
      let backButton = document.getElementById("back-button");
      backButton.click();
-      await BrowserTestUtils.browserLoaded(browser);
+      await BrowserTestUtils.waitForLocationChange(
+        gBrowser,
+        `${TEST_PATH_HTTP}file_beforeunload_permit_http.html`
+      );
      is(true, true, `Got back successful`);
    }
  );
--- a/dom/security/test/https-first/browser_downgrade_view_source.js
+++ b/dom/security/test/https-first/browser_downgrade_view_source.js
@ -27,6 +27,11 @@ async function runTest(desc, url, expectedURI, excpectedContent) {
        is(loadedContent, excpectedContent, desc);
      }
    );
+
+    await SpecialPowers.removePermission(
+      "https-only-load-insecure",
+      "http://example.com"
+    );
  });
 }

--- a/dom/security/test/https-first/browser_download_attribute.js
+++ b/dom/security/test/https-first/browser_download_attribute.js
@ -1,13 +1,5 @@
 "use strict";

-// Create a uri for an http site
-//(in that case a site without cert such that https-first isn't upgrading it)
-const insecureTestPath = getRootDirectory(gTestPath).replace(
-  "chrome://mochitests/content",
-  "http://nocert.example.com"
-);
-const insecureTestURI = insecureTestPath + "file_download_attribute.html";
-
 function promisePanelOpened() {
  if (DownloadsPanel.panel && DownloadsPanel.panel.state == "open") {
    return Promise.resolve();
@ -20,7 +12,7 @@ const CONSOLE_ERROR_MESSAGE = "Downgrading to “http” again";
 const DOWNLOAD_PAGE_URL =
  "nocert.example.com/browser/dom/security/test/https-first/file_download_attribute.html";
 const DOWNLOAD_LINK_URL =
-  "nocert.example.com/browser/dom/security/test/https-first/file_download_attribute.sjs";
+  "nocert.example.org/browser/dom/security/test/https-first/file_download_attribute.sjs";

 // Verifys that https-first tried to upgrade the download
 // - and that the upgrade attempt failed.
@ -88,7 +80,7 @@ add_task(async function test_with_downloads_pref_enabled() {
  let downloadsPanelPromise = promisePanelOpened();
  let downloadsPromise = Downloads.getList(Downloads.PUBLIC);

-  BrowserTestUtils.startLoadingURIString(gBrowser, insecureTestURI);
+  BrowserTestUtils.startLoadingURIString(gBrowser, DOWNLOAD_PAGE_URL);
  // wait for downloadsPanel to open before continuing with test
  await downloadsPanelPromise;
  let downloadList = await downloadsPromise;
@ -105,7 +97,7 @@ add_task(async function test_with_downloads_pref_enabled() {
  // ensure https-first didn't upgrade the scheme.
  is(
    download.source.url,
-    insecureTestPath + "file_download_attribute.sjs",
+    "http://" + DOWNLOAD_LINK_URL,
    "Scheme should be http."
  );

--- a/dom/security/test/https-first/browser_httpsfirst.js
+++ b/dom/security/test/https-first/browser_httpsfirst.js
@ -24,6 +24,8 @@ async function runPrefTest(aURI, aDesc, aAssertURLStartsWith) {
        );
      }
    );
+
+    await SpecialPowers.removePermission("https-only-load-insecure", aURI);
  });
 }

--- a/dom/security/test/https-first/file_download_attribute.html
+++ b/dom/security/test/https-first/file_download_attribute.html
@ -4,7 +4,7 @@
  <title>Test download attribute for http site</title>
 </head>
 <body>
-  <a href="http://nocert.example.com/browser/dom/security/test/https-first/file_download_attribute.sjs" download="some.html" id="testlink">download by attribute</a>
+  <a href="http://nocert.example.org/browser/dom/security/test/https-first/file_download_attribute.sjs" download="some.html" id="testlink">download by attribute</a>
  <script>
    // click the link to start download
    let testlink = document.getElementById("testlink");
--- a/dom/security/test/https-first/head.js
+++ b/dom/security/test/https-first/head.js
@ -0,0 +1,3 @@
+registerCleanupFunction(async function () {
+  Services.perms.removeByType("https-only-load-insecure");
+});
--- a/dom/security/test/https-first/test_bad_cert.html
+++ b/dom/security/test/https-first/test_bad_cert.html
@ -43,6 +43,10 @@ Test that bad cert sites won't get upgraded by https-first
    ok(data.result === "downgraded", "Downgraded request " + currentBadCert);
    ok(data.scheme === "http:", "Received 'http' for " + currentBadCert);
    testWin.close();
+    await SpecialPowers.removePermission(
+      "https-only-load-insecure",
+      `http://${currentBadCert}.example.com`
+    );
    if (++currentTest < badCertificates.length) {
      startTest();
      return;
--- a/dom/security/test/https-first/test_break_endless_upgrade_downgrade_loop.html
+++ b/dom/security/test/https-first/test_break_endless_upgrade_downgrade_loop.html
@ -34,6 +34,10 @@ Test that same origin redirect does not cause endless loop with https-first enab
       "same-origin redirect results in 'http' for " + currentRedirectCode
    );
    testWin.close();
+    await SpecialPowers.removePermission(
+      "https-only-load-insecure",
+      "http://example.com"
+    );
    if (++currentTest < redirectCodes.length) {
      startTest();
      return;
--- a/dom/security/test/https-first/test_downgrade_500_responses.html
+++ b/dom/security/test/https-first/test_downgrade_500_responses.html
@ -41,6 +41,10 @@ async function receiveMessage(event) {
  ok(data.result === "downgraded", "Redirected successful to 'http' for " + currentQuery);
  is(data.scheme, "http:", "scheme is 'http' for " + currentQuery );
  testWin.close();
+  await SpecialPowers.removePermission(
+    "https-only-load-insecure",
+    REQUEST_URL
+  );
  if (++currentTest < redirectQueries.length) {
    runTest();
    return;
--- a/dom/security/test/https-first/test_downgrade_bad_responses.html
+++ b/dom/security/test/https-first/test_downgrade_bad_responses.html
@ -41,6 +41,10 @@ async function receiveMessage(event) {
  ok(data.result === "downgraded", "Redirected successful to 'http' for " + currentQuery);
  ok(data.scheme === "http", "scheme is 'http' for " + currentQuery );
  testWin.close();
+  await SpecialPowers.removePermission(
+    "https-only-load-insecure",
+    REQUEST_URL
+  );
  if (++currentTest < redirectQueries.length) {
    runTest();
    return;
--- a/dom/security/test/https-first/test_downgrade_request_upgrade_request.html
+++ b/dom/security/test/https-first/test_downgrade_request_upgrade_request.html
@ -15,7 +15,7 @@
 * The request https://redirect-example.com doesn't receive an answer (timeout), so we send a background
 * request.
 * The background request receives an answer. So the request https://redirect-example.com gets downgraded
- * to http://redirect-example.com by the exempt flag.
+ * to http://redirect-example.com by the exempt flag on the loadinfo.
 * The request http://redirect-example.com gets redirected to http://wwww.redirect-example.com. At that stage
 * HTTPS-First should clear the exempt flag and upgrade the redirection to https://wwww.redirect-example.com.
 *
@ -36,6 +36,10 @@ async function receiveMessage(event) {
  is(data.scheme,"https:", "scheme is 'https' for subdomain");
  testWin.close();
  window.removeEventListener("message", receiveMessage);
+  await SpecialPowers.removePermission(
+    "https-only-load-insecure",
+    REQUEST_URL
+  );
  SimpleTest.finish();
 }

--- a/dom/security/test/https-first/test_form_submission.html
+++ b/dom/security/test/https-first/test_form_submission.html
@ -90,6 +90,10 @@ async function receiveMessage(event){
  if (sameOrigin) {
    counter++;
  }
+  await SpecialPowers.removePermission(
+    "https-only-load-insecure",
+    origin
+  );
  // Check if we have test left, if not finish the testing
  if (counter >= Tests.length) {
    window.removeEventListener("message", receiveMessage);
--- a/dom/security/test/https-first/test_multiple_redirection.html
+++ b/dom/security/test/https-first/test_multiple_redirection.html
@ -57,6 +57,10 @@ Test multiple redirects using https-first and ensure the entire redirect chain i
       "redirect results in " + test.name
    );
    testWin.close();
+    await SpecialPowers.removePermission(
+      "https-only-load-insecure",
+      "http://example.com"
+    );
    if (++currentTest < testCase.length) {
      startTest();
      return;
--- a/dom/security/test/https-first/test_redirect_downgrade.html
+++ b/dom/security/test/https-first/test_redirect_downgrade.html
@ -37,6 +37,10 @@ async function receiveMessage(event) {
  ok(data.result === "downgraded", "Redirected successful to 'http' for " + currentQuery);
  ok(data.scheme === "http:", "scheme is 'http' for " + currentQuery );
  testWin.close();
+  await SpecialPowers.removePermission(
+    "https-only-load-insecure",
+    "http://example.com"
+  );
  if (++currentTest < redirectQueries.length) {
    runTest();
    return;
--- a/dom/security/test/https-first/test_referrer_policy.html
+++ b/dom/security/test/https-first/test_referrer_policy.html
@ -229,6 +229,7 @@ async function runTest() {

 SpecialPowers.pushPrefEnv({ set: [
    ["dom.security.https_first", true],
+    ["dom.security.https_first_add_exception_on_failiure", false],
    ["network.http.referer.disallowCrossSiteRelaxingDefault", false],
  ]}, runTest);

--- a/dom/security/test/https-first/test_toplevel_cookies.html
+++ b/dom/security/test/https-first/test_toplevel_cookies.html
@ -71,6 +71,10 @@ async function receiveMessage(event) {
    is(data.cookie.includes(currentQuery +  "=" + currentRun), true, "Cookie successfully arrived for " + currentQuery + " " + ALL_COOKIE_COMB[currentRun]);
  }
  testWin.close();
+  await SpecialPowers.removePermission(
+    "https-only-load-insecure",
+    sameOriginRequest ? SAME_ORIGIN : CROSS_ORIGIN
+  );
  currentRun++;
  if (currentTest >= redirectQueries.length -1  && currentRun === ALL_COOKIE_COMB.length && !sameOriginRequest) {
    window.removeEventListener("message", receiveMessage);