Bug 1745186 - HTTPS-First: Test http fallback of download attribute. r=ckerschb (315d8e83) · Commits · The Tor Project / Applications / Tor Browser

dom/security/test/https-first/browser.ini

+4 −0

Original line number	Diff line number	Diff line
		@@ -12,6 +12,10 @@ support-files = file_downgrade_view_source.sjs
		support-files = file_navigation.html
		[browser_httpsfirst_speculative_connect.js]
		support-files = file_httpsfirst_speculative_connect.html
		[browser_download_attribute.js]
		support-files = file_download_attribute.html
		file_download_attribute.sjs

		[browser_mixed_content_download.js]
		skip-if = win10_2004 && debug # Bug 1723573
		support-files =

dom/security/test/https-first/browser_download_attribute.js

0 → 100644

+125 −0

Original line number	Diff line number	Diff line
		"use strict";

		// Create a uri for an http site
		//(in that case a site without cert such that https-first isn't upgrading it)
		const insecureTestPath = getRootDirectory(gTestPath).replace(
		"chrome://mochitests/content",
		"http://nocert.example.com"
		);
		const insecureTestURI = insecureTestPath + "file_download_attribute.html";

		function promisePanelOpened() {
		if (DownloadsPanel.panel && DownloadsPanel.panel.state == "open") {
		return Promise.resolve();
		}
		return BrowserTestUtils.waitForEvent(DownloadsPanel.panel, "popupshown");
		}

		const CONSOLE_UPGRADE_TRY_MESSAGE = "Upgrading insecure request";
		const CONSOLE_ERROR_MESSAGE = "Downgrading to “http” again";
		const DOWNLOAD_PAGE_URL =
		"nocert.example.com/browser/dom/security/test/https-first/file_download_attribute.html";
		const DOWNLOAD_LINK_URL =
		"nocert.example.com/browser/dom/security/test/https-first/file_download_attribute.sjs";

		// Verifys that https-first tried to upgrade the download
		// - and that the upgrade attempt failed.
		// We will receive 4 messages. Two for upgrading and downgrading
		// the download page and another two for upgrading and downgrading
		// the download.
		let msgCounter = 0;
		function shouldConsoleTryUpgradeAndError() {
		// Waits until CONSOLE_ERROR_MESSAGE was logged.
		// Checks if download was tried via http://
		return new Promise((resolve, reject) => {
		function listener(msgObj) {
		let text = msgObj.message;
		// Verify upgrade messages
		if (
		text.includes(CONSOLE_UPGRADE_TRY_MESSAGE) &&
		text.includes("http://")
		) {
		if (msgCounter == 0) {
		ok(
		text.includes(DOWNLOAD_PAGE_URL),
		"Tries to upgrade nocert example to https"
		);
		} else {
		ok(
		text.includes(DOWNLOAD_LINK_URL),
		"Tries to upgrade download to https"
		);
		}
		msgCounter++;
		}
		// Verify downgrade messages
		if (text.includes(CONSOLE_ERROR_MESSAGE) && msgCounter > 0) {
		if (msgCounter == 1) {
		ok(
		text.includes("https://" + DOWNLOAD_PAGE_URL),
		"Downgrades nocert example to http"
		);
		msgCounter++;
		} else {
		ok(
		text.includes("https://" + DOWNLOAD_LINK_URL),
		"Downgrades download to http"
		);
		Services.console.unregisterListener(listener);
		resolve();
		}
		}
		}
		Services.console.registerListener(listener);
		});
		}

		// Test https-first download of an html file from an http site.
		// Test description:
		// 1. https-first tries to upgrade site to https
		// 2. upgrade fails because site has no certificate
		// 3. https-first downgrades to http and starts download via http
		// 4. Successfully completes download
		add_task(async function test_with_downloads_pref_enabled() {
		await SpecialPowers.pushPrefEnv({
		set: [["dom.security.https_first", true]],
		});
		let checkPromise = shouldConsoleTryUpgradeAndError();
		let downloadsPanelPromise = promisePanelOpened();
		let downloadsPromise = Downloads.getList(Downloads.PUBLIC);

		BrowserTestUtils.loadURI(gBrowser, insecureTestURI);
		// wait for downloadsPanel to open before continuing with test
		await downloadsPanelPromise;
		let downloadList = await downloadsPromise;
		await checkPromise;
		is(DownloadsPanel.isPanelShowing, true, "DownloadsPanel should be open.");
		is(
		downloadList._downloads.length,
		1,
		"File should be successfully downloaded."
		);

		let [download] = downloadList._downloads;
		is(download.contentType, "text/html", "File contentType should be correct.");
		// ensure https-first didn't upgrade the scheme.
		is(
		download.source.url,
		insecureTestPath + "file_download_attribute.sjs",
		"Scheme should be http."
		);

		info("cleaning up downloads");
		try {
		if (Services.appinfo.OS === "WINNT") {
		// We need to make the file writable to delete it on Windows.
		await IOUtils.setPermissions(download.target.path, 0o600);
		}
		await IOUtils.remove(download.target.path);
		} catch (error) {
		info("The file " + download.target.path + " is not removed, " + error);
		}

		await downloadList.remove(download);
		await download.finalize();
		});

dom/security/test/https-first/file_download_attribute.html

0 → 100644

+14 −0

Original line number	Diff line number	Diff line
		<!DOCTYPE HTML>
		<html>
		<head>
		<title>Test download attribute for http site</title>
		</head>
		<body>
		<a href="http://nocert.example.com/browser/dom/security/test/https-first/file_download_attribute.sjs" download="some.html" id="testlink">download by attribute</a>
		<script>
		// click the link to start download
		let testlink = document.getElementById("testlink");
		testlink.click();
		</script>
		</body>
		</html>

dom/security/test/https-first/file_download_attribute.sjs

0 → 100644

+12 −0

Original line number	Diff line number	Diff line
		function handleRequest(request, response) {
		// Only answer to http, in case request is in https let the reply time out.
		if (request.scheme === "https") {
		response.processAsync();
		return;
		}

		response.setHeader("Cache-Control", "no-cache", false);
		response.setHeader("Content-Disposition", "attachment; filename=some.html");
		response.setHeader("Content-Type", "text/html");
		response.write("success!");
		}