Bug 1198394 - Part 2: Add a test for interception of HSTS upgraded connections; r=jdm

dom/workers/test/serviceworkers/fetch/hsts/embedder.html

@@ -0,0 +1,7 @@
+<!DOCTYPE html>
+<script>
+  window.onmessage = function(e) {
+    window.parent.postMessage(e.data, "*");
+  };
+</script>
+<iframe src="http://example.com/tests/dom/workers/test/serviceworkers/fetch/hsts/index.html"></iframe>

dom/workers/test/serviceworkers/fetch/hsts/hsts_test.js

@@ -0,0 +1,11 @@
+self.addEventListener("fetch", function(event) {
+  if (event.request.url.indexOf("index.html") >= 0) {
+    event.respondWith(fetch("realindex.html"));
+  } else if (event.request.url.indexOf("image-20px.png") >= 0) {
+    if (event.request.url.indexOf("https://") == 0) {
+      event.respondWith(fetch("image-40px.png"));
+    } else {
+      event.respondWith(Response.error());
+    }
+  }
+});

dom/workers/test/serviceworkers/fetch/hsts/image.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<script>
+onload=function(){
+  var img = new Image();
+  img.src = "http://example.com/tests/dom/workers/test/serviceworkers/fetch/hsts/image-20px.png";
+  img.onload = function() {
+    window.parent.postMessage({status: "image", data: img.width}, "*");
+  };
+  img.onerror = function() {
+    window.parent.postMessage({status: "image", data: "error"}, "*");
+  };
+};
+</script>

dom/workers/test/serviceworkers/fetch/hsts/realindex.html

@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script>
+  window.parent.postMessage({status: "protocol", data: location.protocol}, "*");
+</script>

dom/workers/test/serviceworkers/fetch/hsts/register.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<script>
+  function ok(v, msg) {
+    window.parent.postMessage({status: "ok", result: !!v, message: msg}, "*");
+  }
+
+  function done(reg) {
+    ok(reg.active, "The active worker should be available.");
+    window.parent.postMessage({status: "registrationdone"}, "*");
+  }
+
+  navigator.serviceWorker.ready.then(done);
+  navigator.serviceWorker.register("hsts_test.js", {scope: "."});
+</script>

dom/workers/test/serviceworkers/fetch/hsts/register.html^headers^

@@ -0,0 +1,2 @@
+Cache-Control: no-cache
+Strict-Transport-Security: max-age=60

dom/workers/test/serviceworkers/fetch/hsts/unregister.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<script>
+  navigator.serviceWorker.getRegistration(".").then(function(registration) {
+    registration.unregister().then(function(success) {
+      if (success) {
+        window.parent.postMessage({status: "unregistrationdone"}, "*");
+      }
+    }, function(e) {
+      dump("Unregistering the SW failed with " + e + "\n");
+    });
+  });
+</script>

dom/workers/test/serviceworkers/mochitest.ini

@@ -42,6 +42,15 @@ support-files =
   fetch/context/sharedworker.js
   fetch/context/parentsharedworker.js
   fetch/context/xml.xml
+  fetch/hsts/hsts_test.js
+  fetch/hsts/embedder.html
+  fetch/hsts/image.html
+  fetch/hsts/image-20px.png
+  fetch/hsts/image-40px.png
+  fetch/hsts/realindex.html
+  fetch/hsts/register.html
+  fetch/hsts/register.html^headers^
+  fetch/hsts/unregister.html
   fetch/https/index.html
   fetch/https/register.html
   fetch/https/unregister.html
@@ -259,3 +268,5 @@ skip-if = toolkit == "android" || toolkit == "gonk"
 [test_not_intercept_plugin.html]
 [test_file_blob_upload.html]
 [test_unresolved_fetch_interception.html]
+[test_hsts_upgrade_intercept.html]
+skip-if = e10s # Bug 1214305

dom/workers/test/serviceworkers/test_hsts_upgrade_intercept.html

@@ -0,0 +1,66 @@
+<!--
+  Any copyright is dedicated to the Public Domain.
+  http://creativecommons.org/publicdomain/zero/1.0/
+-->
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test that an HSTS upgraded request can be intercepted by a service worker</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content">
+<iframe></iframe>
+</div>
+<pre id="test"></pre>
+<script class="testbody" type="text/javascript">
+
+  var iframe;
+  var framesLoaded = 0;
+  function runTest() {
+    iframe = document.querySelector("iframe");
+    iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/hsts/register.html";
+    window.onmessage = function(e) {
+      if (e.data.status == "ok") {
+        ok(e.data.result, e.data.message);
+      } else if (e.data.status == "registrationdone") {
+        iframe.src = "http://example.com/tests/dom/workers/test/serviceworkers/fetch/hsts/index.html";
+      } else if (e.data.status == "protocol") {
+        is(e.data.data, "https:", "Correct protocol expected");
+        switch (++framesLoaded) {
+        case 1:
+          iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/hsts/embedder.html";
+          break;
+        case 2:
+          iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/hsts/image.html";
+          break;
+        }
+      } else if (e.data.status == "image") {
+        is(e.data.data, 40, "The image request was upgraded before interception");
+        iframe.src = "https://example.com/tests/dom/workers/test/serviceworkers/fetch/hsts/unregister.html";
+      } else if (e.data.status == "unregistrationdone") {
+        window.onmessage = null;
+        SpecialPowers.cleanUpSTSData("http://example.com");
+        SimpleTest.finish();
+      }
+    };
+  }
+
+  SimpleTest.waitForExplicitFinish();
+  onload = function() {
+    SpecialPowers.pushPrefEnv({"set": [
+      ["dom.serviceWorkers.exemptFromPerDomainMax", true],
+      ["dom.serviceWorkers.enabled", true],
+      ["dom.serviceWorkers.testing.enabled", true],
+      ["dom.serviceWorkers.interception.enabled", true],
+      // This is needed so that we can test upgrading a non-secure load inside an https iframe.
+      ["security.mixed_content.block_active_content", false],
+      ["security.mixed_content.block_display_content", false],
+    ]}, runTest);
+  };
+</script>
+</pre>
+</body>
+</html>