Bug 1706577: HTTPS-First should handle fragment navigation correctly. r=JulianWels

Differential Revision: https://phabricator.services.mozilla.com/D113107

dom/security/nsHTTPSOnlyUtils.cpp

@@ -615,7 +615,8 @@ bool nsHTTPSOnlyUtils::IsEqualURIExceptSchemeAndRef(nsIURI* aHTTPSSchemeURI,
 
   // 3. Check if the HTTPS-Only Mode is even enabled, before we do anything else
   bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
-  if (!IsHttpsOnlyModeEnabled(isPrivateWin)) {
+  if (!IsHttpsOnlyModeEnabled(isPrivateWin) &&
+      !IsHttpsFirstModeEnabled(isPrivateWin)) {
     return false;
   }
 

dom/security/test/https-first/file_fragment.html

@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<script>
+
+function beforeunload(){
+  window.opener.postMessage({
+    info: "before-unload",
+    result: window.location.hash,
+    button: false,
+  }, "*");
+}
+
+window.onload = function (){
+  let button = window.document.getElementById("clickMeButton");
+  let buttonExist = button !== null;
+  window.opener.postMessage({
+    info: "onload",
+    result: window.location.href,
+    button: buttonExist,
+  }, "*");
+  button.click();
+
+}
+
+// after button clicked and paged scrolled sends URL of current window
+window.onscroll = function(){
+  window.opener.postMessage({
+    info: "scrolled-to-foo",
+    result: window.location.hash,
+    button: true,
+  }, "*");
+ }
+
+
+</script>
+<body onbeforeunload="/*just to notify if we load a new page*/ beforeunload()";>
+  <a id="clickMeButton" href="http://example.com/tests/dom/security/test/https-first/file_fragment.html#foo">Click me</a>
+  <div style="height: 1000px; border: 1px solid black;"> space</div>
+  <a name="foo" href="http://example.com/tests/dom/security/test/https-first/file_fragment.html">foo</a>
+  <div style="height: 1000px; border: 1px solid black;">space</div>
+</body>
+</html>

dom/security/test/https-first/mochitest.ini

@@ -0,0 +1,4 @@
+[DEFAULT]
+
+[test_fragment.html]
+support-files = file_fragment.html

dom/security/test/https-first/test_fragment.html

@@ -0,0 +1,58 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Bug 1706577: Have https-first mode account for fragment navigations</title>
+<script src="/tests/SimpleTest/SimpleTest.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+<script class="testbody" type="text/javascript">
+"use strict";
+/*
+ * Description of the test:
+ * Have https-first detect a fragment navigation rather than navigating away
+ * from the page.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const REQUEST_URL = "http://example.com/tests/dom/security/test/https-first/file_fragment.html";
+const EXPECT_URL = REQUEST_URL.replace("http://", "https://");
+
+let winTest = null;
+let checkButtonClicked = false;
+
+async function receiveMessage(event) {
+  let data = event.data;
+  if (!checkButtonClicked) {
+    ok(data.result == EXPECT_URL, "location is correct");
+    ok(data.button, "button is clicked");
+    ok(data.info == "onload", "Onloading worked");
+    checkButtonClicked = true;
+    return;
+  }
+
+  // Once the button was clicked we know the tast has finished
+  ok(data.button, "button is clicked");
+  ok(data.result == "#foo", "location (hash) is correct");
+  ok(data.info == "scrolled-to-foo","Scrolled successfully without reloading!");
+  window.removeEventListener("message",receiveMessage);
+  winTest.close();
+  SimpleTest.finish();
+}
+
+async function runTest() {
+  await SpecialPowers.pushPrefEnv({ set: [
+    ["dom.security.https_first", true],
+  ]});
+  winTest = window.open(REQUEST_URL);
+}
+
+window.addEventListener("message", receiveMessage);
+
+runTest();
+
+</script>
+</body>
+</html>

dom/security/test/moz.build

@@ -19,6 +19,7 @@ MOCHITEST_MANIFESTS += [
     "cors/mochitest.ini",
     "csp/mochitest.ini",
     "general/mochitest.ini",
+    "https-first/mochitest.ini",
     "https-only/mochitest.ini",
     "mixedcontentblocker/mochitest.ini",
     "referrer-policy/mochitest.ini",