The Tor Browser / file diff

diff: security/manager/ssl/tests/unit/test_sts_holepunch.js

security/manager/ssl/tests/unit/test_sts_holepunch.js

changeset 0
6474c204b198
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/security/manager/ssl/tests/unit/test_sts_holepunch.js	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,36 @@
     1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
     1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
     1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/.
     1.7 + */
     1.8 +"use strict";
     1.9 +
    1.10 +// bug 961528: chart.apis.google.com doesn't handle https. Check that
    1.11 +// it isn't considered HSTS (other example.apis.google.com hosts should be
    1.12 +// HSTS as long as they're on the preload list, however).
    1.13 +function run_test() {
    1.14 +  let SSService = Cc["@mozilla.org/ssservice;1"]
    1.15 +                    .getService(Ci.nsISiteSecurityService);
    1.16 +  do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
    1.17 +                                        "chart.apis.google.com", 0));
    1.18 +  do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
    1.19 +                                        "CHART.APIS.GOOGLE.COM", 0));
    1.20 +  do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
    1.21 +                                        "sub.chart.apis.google.com", 0));
    1.22 +  do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
    1.23 +                                        "SUB.CHART.APIS.GOOGLE.COM", 0));
    1.24 +  do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
    1.25 +                                       "example.apis.google.com", 0));
    1.26 +  do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
    1.27 +                                       "EXAMPLE.APIS.GOOGLE.COM", 0));
    1.28 +  do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
    1.29 +                                       "sub.example.apis.google.com", 0));
    1.30 +  do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
    1.31 +                                       "SUB.EXAMPLE.APIS.GOOGLE.COM", 0));
    1.32 +  // also check isSecureURI
    1.33 +  let chartURI = Services.io.newURI("http://chart.apis.google.com", null, null);
    1.34 +  do_check_false(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
    1.35 +                                       chartURI, 0));
    1.36 +  let otherURI = Services.io.newURI("http://other.apis.google.com", null, null);
    1.37 +  do_check_true(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
    1.38 +                                      otherURI, 0));
    1.39 +}

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial