4 <title>Test bug
466080</title>
5 <script src=
"/tests/SimpleTest/SimpleTest.js"></script>
6 <link rel=
"stylesheet" type=
"text/css" href=
"/tests/SimpleTest/test.css" />
10 src=
"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs">
12 This iframe should load the resource via the src-attribute from
13 a secure server which requires a client-cert. Doing this is
14 supposed to work, but further below in the test we try to load
15 the resource from the same url using a XHR, which should not work.
17 TODO : What if we change 'src' from JS? Would/should it load?
21 <script class=
"testbody" type=
"text/javascript">
29 // load resource from a relative url - this should work
30 { url:
"bug466080.sjs",
32 error:
"XHR from relative URL"},
34 // TODO - load the resource from a relative url via https..?
36 // load a non-existing resource - should get
"404 Not Found"
37 { url:
"bug466080-does-not.exist",
39 error:
"XHR loading non-existing resource"},
41 // load resource from cross-site non-secure server
42 { url:
"http://test1.example.com/tests/dom/base/test/bug466080.sjs",
44 error:
"XHR from cross-site plaintext server"},
46 // load resource from cross-site secure server - should work since no credentials are needed
47 { url:
"https://test1.example.com/tests/dom/base/test/bug466080.sjs",
49 error:
"XHR from cross-site secure server"},
51 // load resource from cross-site secure server - should work since the server just requests certs
52 { url:
"https://requestclientcert.example.com/tests/dom/base/test/bug466080.sjs",
54 error:
"XHR from cross-site secure server requesting certificate"},
56 // load resource from cross-site secure server - should NOT work since the server requires cert
57 // note that this is the url which is used in the iframe.src above
58 { url:
"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
60 error:
"XHR from cross-site secure server requiring certificate"},
62 // repeat previous, - should NOT work
63 { url:
"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
65 error:
"XHR w/ credentials from cross-site secure server requiring certificate",
66 withCredentials:
"true"},
68 // repeat previous, but with credentials - should work
69 { url:
"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
71 error:
"XHR w/ credentials from cross-site secure server requiring certificate",
72 withCredentials:
"true"},
74 // repeat previous, withCredentials but using a weird method to force preflight
75 // should NOT work since our preflight is anonymous and will fail with our simple server
76 { url:
"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
78 error:
"XHR PREFLIGHT from cross-site secure server requiring certificate",
79 withCredentials:
"true",
82 // repeat previous, withCredentials but using a weird method to force preflight
83 // Set network.cors_preflight.allow_client_cert pref, that will allow cers on an
84 // anonymous connection.
85 // This should work since our preflight will work now.
86 { url:
"https://requireclientcert.example.com/tests/dom/base/test/bug466080.sjs",
88 error:
"XHR PREFLIGHT from cross-site secure server requiring certificate",
89 withCredentials:
"true",
91 enableCertOnPreflight: true},
93 { cleanEnableCertOnPreflight: true},
96 async function onWindowLoad() {
97 // First, check that resource was loaded into the iframe
98 // This check in fact depends on bug #
444165... :)
99 await new Promise(resolve =
> {
100 document.getElementById(
"frame1").onload = () =
> { resolve(); };
103 async function runTest(test) {
104 if (test.cleanEnableCertOnPreflight) {
105 await SpecialPowers.pushPrefEnv({
"set": [[
"network.cors_preflight.allow_client_cert", false]]});
106 if (!alltests.length) {
109 runTest(alltests.shift());
112 if (test.enableCertOnPreflight != null) {
113 await SpecialPowers.pushPrefEnv({
"set": [[
"network.cors_preflight.allow_client_cert", true]]});
115 var xhr = new XMLHttpRequest();
118 if (test.method != null) { method = test.method; }
119 xhr.open(method, test.url);
121 xhr.withCredentials = test.withCredentials;
123 SpecialPowers.wrap(xhr).setRequestHeader(
"Connection",
"Keep-Alive", false);
130 xhr.onloadend = function() {
131 // eslint-disable-next-line no-eval
132 var success = eval(xhr.status + test.status_check);
133 ok(success, test.error);
135 if (!alltests.length) {
138 runTest(alltests.shift());
144 runTest(alltests.shift());
147 SimpleTest.waitForExplicitFinish();