From 3d007777eea4dd5dab62a0e079017c64ebb439b0 Mon Sep 17 00:00:00 2001
From: Christoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Date: Thu, 22 Apr 2021 11:58:19 +0000
Subject: [PATCH] Bug 1706577: HTTPS-First should handle fragment navigation
 correctly. r=JulianWels

Differential Revision: https://phabricator.services.mozilla.com/D113107
---
 dom/security/nsHTTPSOnlyUtils.cpp             |  3 +-
 .../test/https-first/file_fragment.html       | 42 ++++++++++++++
 dom/security/test/https-first/mochitest.ini   |  4 ++
 .../test/https-first/test_fragment.html       | 58 +++++++++++++++++++
 dom/security/test/moz.build                   |  1 +
 5 files changed, 107 insertions(+), 1 deletion(-)
 create mode 100644 dom/security/test/https-first/file_fragment.html
 create mode 100644 dom/security/test/https-first/mochitest.ini
 create mode 100644 dom/security/test/https-first/test_fragment.html

diff --git a/dom/security/nsHTTPSOnlyUtils.cpp b/dom/security/nsHTTPSOnlyUtils.cpp
index aa65051d6891..f801cc0f4108 100644
--- a/dom/security/nsHTTPSOnlyUtils.cpp
+++ b/dom/security/nsHTTPSOnlyUtils.cpp
@@ -615,7 +615,8 @@ bool nsHTTPSOnlyUtils::IsEqualURIExceptSchemeAndRef(nsIURI* aHTTPSSchemeURI,
 
   // 3. Check if the HTTPS-Only Mode is even enabled, before we do anything else
   bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
-  if (!IsHttpsOnlyModeEnabled(isPrivateWin)) {
+  if (!IsHttpsOnlyModeEnabled(isPrivateWin) &&
+      !IsHttpsFirstModeEnabled(isPrivateWin)) {
     return false;
   }
 
diff --git a/dom/security/test/https-first/file_fragment.html b/dom/security/test/https-first/file_fragment.html
new file mode 100644
index 000000000000..4d042ebc15d4
--- /dev/null
+++ b/dom/security/test/https-first/file_fragment.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<script>
+
+function beforeunload(){
+  window.opener.postMessage({
+    info: "before-unload",
+    result: window.location.hash,
+    button: false,
+  }, "*");
+}
+
+window.onload = function (){
+  let button = window.document.getElementById("clickMeButton");
+  let buttonExist = button !== null;
+  window.opener.postMessage({
+    info: "onload",
+    result: window.location.href,
+    button: buttonExist,
+  }, "*");
+  button.click();
+
+}
+
+// after button clicked and paged scrolled sends URL of current window
+window.onscroll = function(){
+  window.opener.postMessage({
+    info: "scrolled-to-foo",
+    result: window.location.hash,
+    button: true,
+  }, "*");
+ }
+
+
+</script>
+<body onbeforeunload="/*just to notify if we load a new page*/ beforeunload()";>
+  <a id="clickMeButton" href="http://example.com/tests/dom/security/test/https-first/file_fragment.html#foo">Click me</a>
+  <div style="height: 1000px; border: 1px solid black;"> space</div>
+  <a name="foo" href="http://example.com/tests/dom/security/test/https-first/file_fragment.html">foo</a>
+  <div style="height: 1000px; border: 1px solid black;">space</div>
+</body>
+</html>
diff --git a/dom/security/test/https-first/mochitest.ini b/dom/security/test/https-first/mochitest.ini
new file mode 100644
index 000000000000..ca2cbd41cf41
--- /dev/null
+++ b/dom/security/test/https-first/mochitest.ini
@@ -0,0 +1,4 @@
+[DEFAULT]
+
+[test_fragment.html]
+support-files = file_fragment.html
diff --git a/dom/security/test/https-first/test_fragment.html b/dom/security/test/https-first/test_fragment.html
new file mode 100644
index 000000000000..63a7affee202
--- /dev/null
+++ b/dom/security/test/https-first/test_fragment.html
@@ -0,0 +1,58 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<title>Bug 1706577: Have https-first mode account for fragment navigations</title>
+<script src="/tests/SimpleTest/SimpleTest.js"></script>
+<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+<script class="testbody" type="text/javascript">
+"use strict";
+/*
+ * Description of the test:
+ * Have https-first detect a fragment navigation rather than navigating away
+ * from the page.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const REQUEST_URL = "http://example.com/tests/dom/security/test/https-first/file_fragment.html";
+const EXPECT_URL = REQUEST_URL.replace("http://", "https://");
+
+let winTest = null;
+let checkButtonClicked = false;
+
+async function receiveMessage(event) {
+  let data = event.data;
+  if (!checkButtonClicked) {
+    ok(data.result == EXPECT_URL, "location is correct");
+    ok(data.button, "button is clicked");
+    ok(data.info == "onload", "Onloading worked");
+    checkButtonClicked = true;
+    return;
+  }
+
+  // Once the button was clicked we know the tast has finished
+  ok(data.button, "button is clicked");
+  ok(data.result == "#foo", "location (hash) is correct");
+  ok(data.info == "scrolled-to-foo","Scrolled successfully without reloading!");
+  window.removeEventListener("message",receiveMessage);
+  winTest.close();
+  SimpleTest.finish();
+}
+
+async function runTest() {
+  await SpecialPowers.pushPrefEnv({ set: [
+    ["dom.security.https_first", true],
+  ]});
+  winTest = window.open(REQUEST_URL);
+}
+
+window.addEventListener("message", receiveMessage);
+
+runTest();
+
+</script>
+</body>
+</html>
diff --git a/dom/security/test/moz.build b/dom/security/test/moz.build
index 85b2cc8fa58e..0fb27de75208 100644
--- a/dom/security/test/moz.build
+++ b/dom/security/test/moz.build
@@ -19,6 +19,7 @@ MOCHITEST_MANIFESTS += [
     "cors/mochitest.ini",
     "csp/mochitest.ini",
     "general/mochitest.ini",
+    "https-first/mochitest.ini",
     "https-only/mochitest.ini",
     "mixedcontentblocker/mochitest.ini",
     "referrer-policy/mochitest.ini",