| blob | 2d97a79f3ffd6bf3e5108f20f48e91337f968b16 |
1 #
2 # This Source Code Form is subject to the terms of the Mozilla Public
3 # License, v. 2.0. If a copy of the MPL was not distributed with this
4 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 #
7 # This file defines the locations at which this HTTP server may be accessed.
8 # It is referred to by the following page, so if this file moves, that page must
9 # be modified accordingly:
10 #
11 # https://firefox-source-docs.mozilla.org/testing/mochitest-plain/faq.html
12 #
13 # Empty lines and lines which begin with "#" are ignored and may be used for
14 # storing comments. All other lines consist of an origin followed by whitespace
15 # and a comma-separated list of options (if indeed any options are needed).
16 #
17 # The format of an origin is, referring to RFC 2396, a scheme (either "http" or
18 # "https"), followed by "://", followed by a host, followed by ":", followed by
19 # a port number. The colon and port number must be present even if the port
20 # number is the default for the protocol.
21 #
22 # Unrecognized options are ignored. Recognized options are "primary" and
23 # "privileged", "nocert", "cert=some_cert_nickname", "redir=hostname" and
24 # "failHandshake".
25 #
26 # "primary" denotes a location which is the canonical location of
27 # the server; this location is the one assumed for requests which don't
28 # otherwise identify a particular origin (e.g. HTTP/1.0 requests).
29 #
30 # "privileged" denotes a location which should have the ability to request
31 # elevated privileges; the default is no privileges.
32 #
33 # "nocert" makes sense only for https:// hosts and means there is not
34 # any certificate automatically generated for this host.
35 #
36 # "failHandshake" causes the tls handshake to fail (by sending a client hello to
37 # the client).
38 #
39 # "cert=nickname" tells the pgo server to use a particular certificate
40 # for this host. The certificate is referenced by its nickname that must
41 # not contain any spaces. The certificate key files (PKCS12 modules)
42 # for custom certification are loaded from build/pgo/certs
43 # directory. When new certificate is added to this dir pgo/ssltunnel
44 # must be built then. This is only necessary for cases where we really do
45 # want specific certs.
46 # You can find instructions on how to add or modify certificates at:
47 # https://firefox-source-docs.mozilla.org/build/buildsystem/test_certificates.html
48 #
49 # "redir=hostname" tells the pgo server is only used for https://
50 # hosts while processing the CONNECT tunnel request. It responds
51 # to the CONNECT with a 302 and redirection to the hostname instead
52 # of connecting to the real back end and replying with a 200. This
53 # mode exists primarily to ensure we don't allow a proxy to do that.
54 #
56 #
57 # This is the primary location from which tests run.
58 #
59 http://mochi.test:8888 primary,privileged
61 #
62 # These are a common set of prefixes scattered across one TLD with two ports and
63 # another TLD on a single port.
64 #
65 http://127.0.0.1:80 privileged
66 http://127.0.0.1:8888 privileged
67 http://test:80 privileged
68 http://mochi.test:8888 privileged
69 http://mochi.xorigin-test:8888 privileged
70 http://test1.mochi.test:8888
71 http://sub1.test1.mochi.test:8888
72 http://sub2.xn--lt-uia.mochi.test:8888
73 http://test2.mochi.test:8888
74 http://example.org:80 privileged
75 http://test1.example.org:80 privileged
76 http://test2.example.org:80 privileged
77 http://test3.example.org:80 privileged
78 http://sub1.test1.example.org:80 privileged
79 http://sub1.test2.example.org:80 privileged
80 http://sub2.test1.example.org:80 privileged
81 http://sub2.test2.example.org:80 privileged
82 http://example.org:8000 privileged
83 http://test1.example.org:8000 privileged
84 http://test2.example.org:8000 privileged
85 http://sub1.test1.example.org:8000 privileged
86 http://sub1.test2.example.org:8000 privileged
87 http://sub2.test1.example.org:8000 privileged
88 http://sub2.test2.example.org:8000 privileged
89 http://example.com:80 privileged
90 http://www.example.com:80 privileged
91 http://test1.example.com:80 privileged
92 http://test2.example.com:80 privileged
93 http://sub1.test1.example.com:80 privileged
94 http://sub1.test2.example.com:80 privileged
95 http://sub2.test1.example.com:80 privileged
96 http://sub2.test2.example.com:80 privileged
97 http://example.net:80 privileged
98 http://supports-insecure.expired.example.com:80 privileged
99 # Used to test that clearing Service Workers for domain example.com, does not clear prefixexample.com
100 http://prefixexample.com:80
102 # The first HTTPS location is used to generate the Common Name (CN) value of the
103 # certificate's Issued To field.
104 https://example.com:443 privileged
105 https://www.example.com:443 privileged
106 https://test1.example.com:443 privileged
107 https://test2.example.com:443 privileged
108 https://example.org:443 privileged
109 https://test1.example.org:443 privileged
110 https://test2.example.org:443 privileged
111 https://sub1.test1.example.org:443 privileged
112 https://sub1.test2.example.org:443 privileged
113 https://sub2.test1.example.org:443 privileged
114 https://sub2.test2.example.org:443 privileged
115 https://sub1.test1.example.com:443 privileged
116 https://sub1.test2.example.com:443 privileged
117 https://sub2.test1.example.com:443 privileged
118 https://sub2.test2.example.com:443 privileged
119 https://example.net:443 privileged
120 https://nocert.example.com:443 privileged,nocert
121 https://nocert.example.org:443 privileged,nocert
122 https://self-signed.example.com:443 privileged,cert=selfsigned
123 https://untrusted.example.com:443 privileged,cert=untrusted
124 https://expired.example.com:443 privileged,cert=expired
125 https://requestclientcert.example.com:443 privileged,clientauth=request
126 https://requireclientcert.example.com:443 privileged,clientauth=require
127 https://requireclientcert-2.example.com:443 privileged,clientauth=require
128 https://requireclientcert-untrusted.example.com:443 privileged,clientauth=require,cert=untrusted
129 https://mismatch.expired.example.com:443 privileged,cert=expired
130 https://mismatch.untrusted.example.com:443 privileged,cert=untrusted
131 https://untrusted-expired.example.com:443 privileged,cert=untrustedandexpired
132 https://mismatch.untrusted-expired.example.com:443 privileged,cert=untrustedandexpired
133 https://supports-insecure.expired.example.com:443 privileged,cert=expired
134 https://no-subject-alt-name.example.com:443 cert=noSubjectAltName
136 # Used for secure contexts on ip addresses, see bug 1616675. Note that
137 # 127.0.0.1 prompts ssltunnel.cpp to do special-cases, so we use .2
138 https://127.0.0.2:443 privileged,ipV4Address
139 https://secureonly.example.com:443
141 # Prevent safebrowsing tests from hitting the network for its-a-trap.html and
142 # its-an-attack.html.
143 http://www.itisatrap.org:80
144 https://www.itisatrap.org:443
146 #
147 # These are subdomains of <ält.example.org>.
148 #
149 http://sub1.xn--lt-uia.example.org:8000 privileged
150 http://sub2.xn--lt-uia.example.org:80 privileged
151 http://xn--exmple-cua.test:80 privileged
152 http://sub1.xn--exmple-cua.test:80 privileged
153 http://xn--exaple-kqf.test:80 privileged
154 http://sub1.xn--exaple-kqf.test:80 privileged
156 https://xn--hxajbheg2az3al.xn--jxalpdlp:443 privileged
157 https://sub1.xn--hxajbheg2az3al.xn--jxalpdlp:443 privileged
159 #
160 # These are subdomains of <παράδειγμα.δοκιμή>, the Greek IDN for example.test.
161 #
162 http://xn--hxajbheg2az3al.xn--jxalpdlp:80 privileged
163 http://sub1.xn--hxajbheg2az3al.xn--jxalpdlp:80 privileged
165 # Bug 413909 test host
166 https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp:443 privileged,cert=bug413909cert
168 #
169 # These hosts are used in tests which exercise privilege-granting functionality;
170 # we could reuse some of the names above, but specific names make it easier to
171 # distinguish one from the other in tests (as well as what functionality is
172 # being tested).
173 #
174 http://sectest1.example.org:80 privileged
175 http://sub.sectest2.example.org:80 privileged
176 http://sectest2.example.org:80
177 http://sub.sectest1.example.org:80
179 https://sectest1.example.org:443 privileged
180 https://sub.sectest2.example.org:443 privileged
181 https://sectest2.example.org:443
182 https://sub.sectest1.example.org:443
184 #
185 # Used while testing the url-classifier
186 #
187 http://malware.example.com:80
188 http://unwanted.example.com:80
189 http://tracking.example.com:80
190 http://cryptomining.example.com:80
191 http://fingerprinting.example.com:80
192 http://not-tracking.example.com:80
193 http://tracking.example.org:80
194 http://another-tracking.example.net:80
195 http://social-tracking.example.org:80
196 http://itisatracker.org:80
197 https://itisatracker.org:443
198 http://trackertest.org:80
199 http://email-tracking.example.org:80
200 #
201 # Used while testing TLS session ticket resumption for third-party trackers (bug 1500533)
202 # (DO NOT USE THIS HOST IN OTHER TESTS!)
203 #
204 https://tlsresumptiontest.example.org:443
206 https://malware.example.com:443
207 https://unwanted.example.com:443
208 https://tracking.example.com:443
209 https://cryptomining.example.com:443
210 https://fingerprinting.example.com:443
211 https://not-tracking.example.com:443
212 https://tracking.example.org:443
213 https://another-tracking.example.net:443
214 https://social-tracking.example.org:443
215 https://email-tracking.example.org:443
217 #
218 # Used while testing flash blocking (Bug 1307604)
219 #
220 http://flashallow.example.com:80
221 http://exception.flashallow.example.com:80
222 http://flashblock.example.com:80
223 http://exception.flashblock.example.com:80
224 http://subdocument.example.com:80
225 https://subdocument.example.com:443
226 http://exception.subdocument.example.com:80
228 #
229 # Used while testing tracking protection (Bug 1580416)
230 # Not that apps.fbsbx.com is a public suffix
231 #
232 http://mochitest.apps.fbsbx.com:80
234 #
235 # Flash usage can fail unless this URL exists
236 #
237 http://fpdownload2.macromedia.com:80
238 https://fpdownload2.macromedia.com:443
240 # Bug 1281083
241 http://bug1281083.example.com:80
243 # Bug 483437, 484111
244 https://www.bank1.com:443 privileged,cert=escapeattack1
246 #
247 # CONNECT for redirproxy results in a 302 redirect to
248 # test1.example.com
249 #
250 https://redirproxy.example.com:443 privileged,redir=test1.example.com
252 # Host used for IndexedDB Quota testing
253 http://bug704464-1.example.com:80 privileged
254 http://bug704464-2.example.com:80 privileged
255 http://bug704464-3.example.com:80 privileged
256 http://bug702292.example.com:80 privileged
258 # W3C hosts.
259 # See http://www.w3.org/wiki/Testing/Requirements#The_Web_test_server_must_be_available_through_different_domain_names
260 http://w3c-test.org:80
261 http://w3c-test.org:81
262 http://w3c-test.org:82
263 http://w3c-test.org:83
264 http://www.w3c-test.org:80
265 http://www.w3c-test.org:81
266 http://www.w3c-test.org:82
267 http://www.w3c-test.org:83
268 http://www1.w3c-test.org:80
269 http://www1.w3c-test.org:81
270 http://www1.w3c-test.org:82
271 http://www1.w3c-test.org:83
272 http://www2.w3c-test.org:80
273 http://www2.w3c-test.org:81
274 http://www2.w3c-test.org:82
275 http://www2.w3c-test.org:83
276 # http://天気の良い日.w3c-test.org
277 http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:80
278 http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:81
279 http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:82
280 http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:83
281 # http://élève.w3c-test.org
282 http://xn--lve-6lad.w3c-test.org:80
283 http://xn--lve-6lad.w3c-test.org:81
284 http://xn--lve-6lad.w3c-test.org:82
285 http://xn--lve-6lad.w3c-test.org:83
286 # HTTPS versions of the above
287 https://w3c-test.org:443
288 https://www.w3c-test.org:443
289 https://www1.w3c-test.org:443
290 https://www2.w3c-test.org:443
291 https://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:443
292 https://xn--lve-6lad.w3c-test.org:443
293 http://test.w3.org:80
295 # Hosts for testing TLD-based fallback encoding
296 http://example.tw:80 privileged
297 http://example.cn:80 privileged
298 http://example.co.jp:80 privileged
299 http://example.fi:80 privileged
300 http://example.in:80 privileged
301 http://example.lk:80 privileged
303 # Host for HPKP
304 https://include-subdomains.pinning-dynamic.example.com:443 privileged,cert=dynamicPinningGood
305 https://bad.include-subdomains.pinning-dynamic.example.com:443 privileged,cert=dynamicPinningBad
307 # Host for static pin tests
308 https://badchain.include-subdomains.pinning.example.com:443 privileged,cert=staticPinningBad
309 https://fail-handshake.example.com:443 privileged,failHandshake
311 # Host for bad cert domain fixup test
312 https://badcertdomain.example.com:443 privileged,cert=badCertDomain
313 https://www.badcertdomain.example.com:443 privileged,cert=badCertDomain
314 https://127.0.0.3:433 privileged,cert=badCertDomain
315 https://badcertdomain.example.com:82 privileged,cert=badCertDomain
316 https://mismatch.badcertdomain.example.com:443 privileged,cert=badCertDomain
318 # Hosts for HTTPS-First upgrades/downgrades
319 http://httpsfirst.com:80 privileged
320 https://httpsfirst.com:443 privileged,nocert
322 # Hosts for sha1 console warning tests
323 https://sha1ee.example.com:443 privileged,cert=sha1_end_entity
324 https://sha256ee.example.com:443 privileged,cert=sha256_end_entity
326 # Hosts for imminent distrust warning tests
327 https://imminently-distrusted.example.com:443 privileged,cert=imminently_distrusted
329 # Hosts for ssl3/3des/tls1 tests
330 https://ssl3.example.com:443 privileged,ssl3
331 https://3des.example.com:443 privileged,3des,tls1,tls1_2
332 https://tls1.example.com:443 privileged,tls1
333 https://tls11.example.com:443 privileged,tls1_1
334 https://tls12.example.com:443 privileged,tls1_2
335 https://tls13.example.com:443 privileged,tls1,tls1_3
337 # Hosts for youtube rewrite tests
338 https://mochitest.youtube.com:443
340 # Host for U2F localhost tests
341 https://localhost:443
343 # Bug 1402530
344 http://localhost:80 privileged
346 http://localhost:9898
347 http://localhost:9899
349 # Host for testing APIs whitelisted for mozilla.org
350 https://www.mozilla.org:443
352 # local-IP origins for password manager tests (Bug 1582499)
353 http://10.0.0.0:80 privileged
354 http://192.168.0.0:80 privileged
356 # testing HTTPS-Only Suggestions on the Error Page (Bug 1665057)
357 https://www.suggestion-example.com:443 privileged,cert=bug1665057cert
358 http://suggestion-example.com:80 privileged
359 https://suggestion-example.com:443 privileged,cert=badCertDomain
360 http://no-suggestion-example.com:80 privileged
361 https://no-suggestion-example.com:443 privileged,cert=badCertDomain
363 # testing HTTPS-First doesn't show warning page for bad cert
364 http://nocert.example.com:80 privileged
365 http://self-signed.example.com:80 privileged
366 http://untrusted.example.com:80 privileged
367 http://untrusted-expired.example.com:80 privileged
368 http://no-subject-alt-name.example.com:80 privileged
369 http://expired.example.com:80 privileged
371 # testing HTTPS-First behaviour for redirection (Bug 1706126)
372 http://redirect-example.com:80 privileged
373 https://redirect-example.com:443 privileged,cert=bug1706126cert
374 https://www.redirect-example.com:443 privileged,cert=bug1706126cert
376 # DoH server
377 https://foo.example.com:4433 privileged,cert=http2-cert.pem
379 # Mochitest
380 https://mochi.test:443 privileged,cert=mochitest-cert.pem
382 # condprof common transactions
383 http://profile.stage.mozaws.net:80 privileged
384 https://profile.stage.mozaws.net:443 privileged
385 http://ocsp.pki.goog:80 privileged
386 https://ocsp.pki.goog:443 privileged
388 # External IP address only available via http (Bug 1855734)
389 http://123.123.123.123:80 privileged
390 https://123.123.123.123:443 privileged,nocert
392 # Domain with HSTS preloaded
393 http://includesubdomains.preloaded.test:80 privileged
394 https://includesubdomains.preloaded.test:443 privileged