Closed Bug 1663396 Opened 5 years ago Closed 5 years ago

HTTPS-Only: Write test that http background request does not leak privacy info

Categories

(Core :: DOM: Security, task, P2)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
82 Branch
Tracking Flags:
Tracking Status
firefox82 --- fixed

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1663396: Test HTTPS-Only-Mode top-level background request not leaking sensitive info
47 bytes, text/x-phabricator-request
Details | Review

Follo9w up to Bug 1660945: Within Bug 1660945 we are stripping path information. Let's make sure that really happens in a test.

Whiteboard: [domsecurity-active]
Pushed by mozilla@christophkerschbaumer.com: https://hg.mozilla.org/integration/autoland/rev/0258ead642b9 Test HTTPS-Only-Mode top-level background request not leaking sensitive info r=JulianWels

Backed out for failures on test_http_background_request.html

backout: https://hg.mozilla.org/integration/autoland/rev/f0af7e8af2c69a5cc24f03e97a329412ac4377e9

push: https://treeherder.mozilla.org/#/jobs?repo=autoland&selectedTaskRun=d8Za5x1FSliu8G_lrAu0mw.0&revision=0258ead642b922c49d5fd6aab4caa759f79915ce&group_state=expanded

failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=315030841&repo=autoland&lineNumber=6230

[task 2020-09-07T17:36:19.403Z] 17:36:19 INFO - 2503 INFO TEST-PASS | dom/security/test/https-only/test_http_background_request.html | upgraded request needs to be https
[task 2020-09-07T17:36:19.403Z] 17:36:19 INFO - Buffered messages finished
[task 2020-09-07T17:36:19.403Z] 17:36:19 WARNING - 2504 INFO TEST-UNEXPECTED-FAIL | dom/security/test/https-only/test_http_background_request.html | background request needs to be http and no sensitive info like path - got "http://10.0.2.2:8854/safebrowsing4-dummy/update&$req=ChUKE25hdmNsaWVudC1hdXRvLWZmb3gaCggFEAIiAiACKAEaCggEEAMiAiACKAEaCggDEAMiAiACKAE=", expected "http://example.com/"
[task 2020-09-07T17:36:19.403Z] 17:36:19 INFO - SimpleTest.is@SimpleTest/SimpleTest.js:500:14
[task 2020-09-07T17:36:19.404Z] 17:36:19 INFO - observe@dom/security/test/https-only/test_http_background_request.html:46:9
[task 2020-09-07T17:36:19.404Z] 17:36:19 WARNING - 2505 INFO TEST-UNEXPECTED-FAIL | dom/security/test/https-only/test_http_background_request.html | we should never get here, but just in case
[task 2020-09-07T17:36:19.404Z] 17:36:19 INFO - SimpleTest.ok@SimpleTest/SimpleTest.js:417:16
[task 2020-09-07T17:36:19.404Z] 17:36:19 INFO - observe@dom/security/test/https-only/test_http_background_request.html:49:7
[task 2020-09-07T17:36:19.404Z] 17:36:19 WARNING - 2506 INFO TEST-UNEXPECTED-FAIL | dom/security/test/https-only/test_http_background_request.html | three requests total (kickoff, upgraded, background) - got 4, expected 3
[task 2020-09-07T17:36:19.405Z] 17:36:19 INFO - SimpleTest.is@SimpleTest/SimpleTest.js:500:14
[task 2020-09-07T17:36:19.405Z] 17:36:19 INFO - runTests@dom/security/test/https-only/test_http_background_request.html:77:5

Flags: needinfo?(ckerschb)

(In reply to Natalia Csoregi [:nataliaCs] from comment #3)

Backed out for failures on test_http_background_request.html

Oh, on Android we have other requests appear in the observer as well. I will make sure the test only evaluates requests triggered by the test itself.

Flags: needinfo?(ckerschb)
Pushed by mozilla@christophkerschbaumer.com: https://hg.mozilla.org/integration/autoland/rev/fb9c01b719fa Test HTTPS-Only-Mode top-level background request not leaking sensitive info r=JulianWels

https://hg.mozilla.org/mozilla-central/rev/fb9c01b719fa

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox82: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 82 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: