nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/browser/base/content/test/siteIdentity/browser_iframe_navigation.js
Dana Keeler 984d5aecee bug 1492424 - check if the TLS handshake failed in nsSecureBrowserUIImpl r=Gijs 
The site identity security indicator machinery treats connections where the TLS
handshake failed as insecure (also referred to as "unknown identity"). Before
bug 1468222, such cases were easily detectable as the SSLStatus field of the
relevant nsITransportSecurityInfo would be null. When we merged nsISSLStatus
into nsITransportSecurityInfo, we didn't take this differentiation into account.
This patch brings back the prior behavior by checking if the securityInfo's
securityState indicates that the handshake failed (i.e. it is
STATE_IS_INSECURE).

Differential Revision: https://phabricator.services.mozilla.com/D6316

--HG--
extra : moz-landing-system : lando
2018-09-21 00:17:47 +00:00

97 lines
4.2 KiB
JavaScript
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
// Tests that the site identity icon and related machinery reflects the correct
// security state after navigating an iframe in various contexts.
// See bug 1490982.
const ROOT_URI = getRootDirectory(gTestPath).replace("chrome://mochitests/content",
"https://example.com");
const SECURE_TEST_URI = ROOT_URI + "iframe_navigation.html";
const INSECURE_TEST_URI = SECURE_TEST_URI.replace("https://", "http://");
// From a secure URI, navigate the iframe to about:blank (should still be
// secure).
add_task(async function() {
let uri = SECURE_TEST_URI + "#blank";
await BrowserTestUtils.withNewTab(uri, async (browser) => {
let identityMode = window.document.getElementById("identity-box").className;
is(identityMode, "verifiedDomain", "identity should be secure before");
await ContentTask.spawn(browser, null, async () => {
content.postMessage("", "*"); // This kicks off the navigation.
await ContentTaskUtils.waitForCondition(() => {
return !content.document.body.classList.contains("running");
});
});
let newIdentityMode = window.document.getElementById("identity-box").className;
is(newIdentityMode, "verifiedDomain", "identity should be secure after");
});
});
// From a secure URI, navigate the iframe to an insecure URI (http://...)
// (mixed active content should be blocked, should still be secure).
add_task(async function() {
let uri = SECURE_TEST_URI + "#insecure";
await BrowserTestUtils.withNewTab(uri, async (browser) => {
let identityMode = window.document.getElementById("identity-box").className;
is(identityMode, "verifiedDomain", "identity should be secure before");
await ContentTask.spawn(browser, null, async () => {
content.postMessage("", "*"); // This kicks off the navigation.
await ContentTaskUtils.waitForCondition(() => {
return !content.document.body.classList.contains("running");
});
});
let newIdentityMode = window.document.getElementById("identity-box").classList;
ok(newIdentityMode.contains("mixedActiveBlocked"),
"identity should be blocked mixed active content after");
ok(newIdentityMode.contains("verifiedDomain"),
"identity should still contain 'verifiedDomain'");
is(newIdentityMode.length, 2, "shouldn't have any other identity states");
});
});
// From an insecure URI (http://..), navigate the iframe to about:blank (should
// still be insecure).
add_task(async function() {
let uri = INSECURE_TEST_URI + "#blank";
await BrowserTestUtils.withNewTab(uri, async (browser) => {
let identityMode = window.document.getElementById("identity-box").className;
is(identityMode, "unknownIdentity", "identity should be 'unknown' before");
await ContentTask.spawn(browser, null, async () => {
content.postMessage("", "*"); // This kicks off the navigation.
await ContentTaskUtils.waitForCondition(() => {
return !content.document.body.classList.contains("running");
});
});
let newIdentityMode = window.document.getElementById("identity-box").className;
is(newIdentityMode, "unknownIdentity", "identity should be 'unknown' after");
});
});
// From an insecure URI (http://..), navigate the iframe to a secure URI
// (https://...) (should still be insecure).
add_task(async function() {
let uri = INSECURE_TEST_URI + "#secure";
await BrowserTestUtils.withNewTab(uri, async (browser) => {
let identityMode = window.document.getElementById("identity-box").className;
is(identityMode, "unknownIdentity", "identity should be 'unknown' before");
await ContentTask.spawn(browser, null, async () => {
content.postMessage("", "*"); // This kicks off the navigation.
await ContentTaskUtils.waitForCondition(() => {
return !content.document.body.classList.contains("running");
});
});
let newIdentityMode = window.document.getElementById("identity-box").className;
is(newIdentityMode, "unknownIdentity", "identity should be 'unknown' after");
});
});
View git blame Copy permalink