new_audit: bring back redirects-http with passive https check (#13548)
1 parent
65b6525
commit 9bd33f8
Showing
15 changed files
with
2,404 additions
and
412 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
/** | ||
* @license | ||
* Copyright 2024 Google LLC | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
/** | ||
* @type {Smokehouse.ExpectedRunnerResult} | ||
*/ | ||
const expectations = { | ||
artifacts: { | ||
URL: { | ||
requestedUrl: 'http://jakearchibald.github.io/svgomg/', | ||
mainDocumentUrl: 'https://jakearchibald.github.io/svgomg/', | ||
finalDisplayedUrl: 'https://jakearchibald.github.io/svgomg/', | ||
}, | ||
}, | ||
lhr: { | ||
// Intentionally start out on http to test the redirect. | ||
requestedUrl: 'http://jakearchibald.github.io/svgomg/', | ||
finalDisplayedUrl: 'https://jakearchibald.github.io/svgomg/', | ||
runWarnings: [ | ||
'The page may not be loading as expected because your test URL (http://jakearchibald.github.io/svgomg/) was redirected to https://jakearchibald.github.io/svgomg/. Try testing the second URL directly.', | ||
], | ||
audits: { | ||
'redirects-http': { | ||
score: 1, | ||
}, | ||
}, | ||
}, | ||
}; | ||
|
||
export default { | ||
id: 'redirects-http', | ||
expectations, | ||
}; | ||
|
||
|
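Review bot: The expectations rely on a live third-party host (`jakearchibald.github.io`) continuing to answer the http URL with a redirect to https, and nothing in the file says so. A hosting change or a network-restricted CI run would then fail this smoke test for reasons unrelated to the audit. I would extend the existing comment above `requestedUrl` to something like `// Intentionally start out on http to test the redirect; depends on the live host still upgrading http to https.` Only the passing score is asserted here; the `score: 0` path is pinned only by the unit test in the same commit.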
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
/** | ||
* @license Copyright 2024 The Lighthouse Authors. All Rights Reserved. | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 | ||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. | ||
*/ | ||
|
||
import {Audit} from './audit.js'; | ||
import * as i18n from '../lib/i18n/i18n.js'; | ||
import UrlUtils from '../lib/url-utils.js'; | ||
|
||
const UIStrings = { | ||
/** Title of a Lighthouse audit that provides detail on HTTP to HTTPS redirects. This descriptive title is shown to users when HTTP traffic is redirected to HTTPS. */ | ||
title: 'Redirects HTTP traffic to HTTPS', | ||
/** Title of a Lighthouse audit that provides detail on HTTP to HTTPS redirects. This descriptive title is shown to users when HTTP traffic is not redirected to HTTPS. */ | ||
failureTitle: 'Does not redirect HTTP traffic to HTTPS', | ||
/** Description of a Lighthouse audit that tells the user why they should direct HTTP traffic to HTTPS. This is displayed after a user expands the section to see more. No character length limits. 'Learn More' becomes link text to additional documentation. */ | ||
description: 'Make sure that you redirect all HTTP ' + | ||
'traffic to HTTPS in order to enable secure web features for all your users. [Learn more](https://developer.chrome.com/docs/lighthouse/pwa/redirects-http/).', | ||
}; | ||
|
||
const str_ = i18n.createIcuMessageFn(import.meta.url, UIStrings); | ||
|
||
/** | ||
* An audit for checking if a site starting on http redirects to https. The audit | ||
* is marked not applicable if the requestedUrl is already https. | ||
*/ | ||
class RedirectsHTTP extends Audit { | ||
/** | ||
* @return {LH.Audit.Meta} | ||
*/ | ||
static get meta() { | ||
return { | ||
id: 'redirects-http', | ||
title: str_(UIStrings.title), | ||
failureTitle: str_(UIStrings.failureTitle), | ||
description: str_(UIStrings.description), | ||
requiredArtifacts: ['URL'], | ||
supportedModes: ['navigation'], | ||
}; | ||
} | ||
|
||
/** | ||
* @param {LH.Artifacts} artifacts | ||
* @return {LH.Audit.Product} | ||
*/ | ||
static audit(artifacts) { | ||
if (!artifacts.URL.requestedUrl) { | ||
throw new Error('Missing requestedUrl'); | ||
} | ||
|
||
const requestedUrl = new URL(artifacts.URL.requestedUrl); | ||
const finalDisplayedUrl = new URL(artifacts.URL.finalDisplayedUrl); | ||
|
||
// Not applicable unless starting on http. | ||
const startedInsecure = requestedUrl.protocol === 'http:'; | ||
|
||
// Relax requirements on localhost. | ||
const isLocalhost = UrlUtils.isLikeLocalhost(finalDisplayedUrl.hostname); | ||
|
||
if (!startedInsecure || isLocalhost) { | ||
return { | ||
score: null, | ||
notApplicable: true, | ||
}; | ||
} | ||
|
||
const endedSecure = finalDisplayedUrl.protocol === 'https:'; | ||
return { | ||
score: Number(endedSecure), | ||
}; | ||
} | ||
} | ||
|
||
export default RedirectsHTTP; | ||
export {UIStrings}; |
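Review bot: The pass condition in `audit()` compares only the schemes of `requestedUrl` and `finalDisplayedUrl`, so as far as the visible code shows it cannot tell a server-side redirect from a client-side navigation that happens after the http document was already fetched in cleartext; both would score 1. That looks like the accepted trade-off of a passive check, but neither the class comment nor the code states it. I would add a line above `endedSecure` such as `// Passive check: only the schemes are compared, so a client-side upgrade from a page served over http also passes.` Separately, `finalDisplayedUrl` goes into `new URL()` without the guard that `requestedUrl` gets, so a missing value surfaces as a generic invalid-URL TypeError rather than a named error.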
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
/** | ||
* @license Copyright 2024 The Lighthouse Authors. All Rights Reserved. | ||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 | ||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. | ||
*/ | ||
|
||
import {strict as assert} from 'assert'; | ||
|
||
import RedirectsHTTP from '../../audits/redirects-http.js'; | ||
|
||
describe('Security: HTTP->HTTPS audit', () => { | ||
it('fails when no redirect detected', () => { | ||
return assert.equal(RedirectsHTTP.audit({ | ||
URL: { | ||
requestedUrl: 'http://example.com/', | ||
finalDisplayedUrl: 'http://example.com/', | ||
}, | ||
}).score, 0); | ||
}); | ||
|
||
it('passes when redirect detected', () => { | ||
return assert.equal(RedirectsHTTP.audit({ | ||
URL: { | ||
requestedUrl: 'http://paulirish.com/', | ||
finalDisplayedUrl: 'https://paulirish.com/', | ||
}, | ||
}).score, 1); | ||
}); | ||
|
||
it('not applicable on localhost', () => { | ||
const product = RedirectsHTTP.audit({ | ||
URL: { | ||
requestedUrl: 'http://localhost:8080/page.html', | ||
finalDisplayedUrl: 'https://localhost:8080/page.html', | ||
}, | ||
}); | ||
|
||
assert.equal(product.score, null); | ||
assert.equal(product.notApplicable, true); | ||
}); | ||
|
||
it('not applicable if requestedUrl is secure', () => { | ||
const product = RedirectsHTTP.audit({ | ||
URL: { | ||
requestedUrl: 'https://example.com/', | ||
finalDisplayedUrl: 'https://example.com/', | ||
}, | ||
}); | ||
|
||
assert.equal(product.score, null); | ||
assert.equal(product.notApplicable, true); | ||
}); | ||
|
||
it('throws if requestedUrl is missing', () => { | ||
assert.throws(() => { | ||
RedirectsHTTP.audit({ | ||
URL: { | ||
finalDisplayedUrl: 'https://example.com/', | ||
}, | ||
}); | ||
}, new Error('Missing requestedUrl')); | ||
}); | ||
}); |
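Review bot: The 'not applicable on localhost' case only covers a localhost page that does upgrade to https. The case the relaxation exists for, a local server that stays on http, is not pinned, and without the exemption it would score 0. A second localhost test for the no-redirect path would catch a regression in the `isLocalhost` branch. Because the audit reads the hostname from `finalDisplayedUrl` only, a case where the requested and final hosts differ would also be worth adding once the intended behaviour is decided.

```javascript
  // … unchanged: 'not applicable on localhost' (http -> https) …

  it('not applicable on localhost that stays on http', () => {
    const product = RedirectsHTTP.audit({
      URL: {
        requestedUrl: 'http://localhost:8080/page.html',
        finalDisplayedUrl: 'http://localhost:8080/page.html',
      },
    });

    assert.equal(product.score, null);
    assert.equal(product.notApplicable, true);
  });
```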