Bug 1276836 - Update and add tests for same-origin, strict-origin, strict-origin-when-cross-origin referrer policy. r=jdm
MozReview-Commit-ID: 9ISKTDHBSHP --HG-- extra : rebase_source : ef3013b777aa77146cc941807afb0e8531fb1f74
parent
8c6badef26
commit
1780aece77
@ -114,14 +114,20 @@ var EXPECTED_RESULTS = {
|
||||
'unsafe-url': '',
|
||||
'origin': '',
|
||||
'origin-when-cross-origin': '',
|
||||
'no-referrer-when-downgrade': ''
|
||||
'no-referrer-when-downgrade': '',
|
||||
'same-origin': '',
|
||||
'strict-origin': '',
|
||||
'strict-origin-when-cross-origin':''
|
||||
},
|
||||
'http-to-https': {
|
||||
'no-referrer': '',
|
||||
'unsafe-url': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=https&policy=unsafe-url',
|
||||
'origin': 'http://example.com/',
|
||||
'origin-when-cross-origin': 'http://example.com/',
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=https&policy=no-referrer-when-downgrade'
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=https&policy=no-referrer-when-downgrade',
|
||||
'same-origin': '',
|
||||
'strict-origin': 'http://example.com/',
|
||||
'strict-origin-when-cross-origin':'http://example.com/'
|
||||
},
|
||||
// Encrypted and not same-origin
|
||||
'https-to-http': {
|
||||
@ -129,7 +135,10 @@ var EXPECTED_RESULTS = {
|
||||
'unsafe-url': '',
|
||||
'origin': '',
|
||||
'origin-when-cross-origin': '',
|
||||
'no-referrer-when-downgrade': ''
|
||||
'no-referrer-when-downgrade': '',
|
||||
'same-origin': '',
|
||||
'strict-origin': '',
|
||||
'strict-origin-when-cross-origin':''
|
||||
},
|
||||
// Encrypted
|
||||
'https-to-https': {
|
||||
@ -137,7 +146,10 @@ var EXPECTED_RESULTS = {
|
||||
'unsafe-url': '',
|
||||
'origin': '',
|
||||
'origin-when-cross-origin': '',
|
||||
'no-referrer-when-downgrade': ''
|
||||
'no-referrer-when-downgrade': '',
|
||||
'same-origin': '',
|
||||
'strict-origin': '',
|
||||
'strict-origin-when-cross-origin':''
|
||||
}
|
||||
},
|
||||
// form is tested in a 2nd level iframe.
|
||||
@ -147,28 +159,40 @@ var EXPECTED_RESULTS = {
|
||||
'unsafe-url': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=unsafe-url&type=form',
|
||||
'origin': 'http://example.com/',
|
||||
'origin-when-cross-origin': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=origin-when-cross-origin&type=form',
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=no-referrer-when-downgrade&type=form'
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=no-referrer-when-downgrade&type=form',
|
||||
'same-origin': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=same-origin&type=form',
|
||||
'strict-origin': 'http://example.com/',
|
||||
'strict-origin-when-cross-origin':'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=strict-origin-when-cross-origin&type=form'
|
||||
},
|
||||
'http-to-https': {
|
||||
'no-referrer': '',
|
||||
'unsafe-url': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=https&policy=unsafe-url&type=form',
|
||||
'origin': 'http://example.com/',
|
||||
'origin-when-cross-origin': 'http://example.com/',
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=https&policy=no-referrer-when-downgrade&type=form'
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=https&policy=no-referrer-when-downgrade&type=form',
|
||||
'same-origin': '',
|
||||
'strict-origin': 'http://example.com/',
|
||||
'strict-origin-when-cross-origin':'http://example.com/'
|
||||
},
|
||||
'https-to-http': {
|
||||
'no-referrer': '',
|
||||
'unsafe-url': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=http&policy=unsafe-url&type=form',
|
||||
'origin': 'https://example.com/',
|
||||
'origin-when-cross-origin': 'https://example.com/',
|
||||
'no-referrer-when-downgrade': ''
|
||||
'no-referrer-when-downgrade': '',
|
||||
'same-origin': '',
|
||||
'strict-origin': '',
|
||||
'strict-origin-when-cross-origin':''
|
||||
},
|
||||
'https-to-https': {
|
||||
'no-referrer': '',
|
||||
'unsafe-url': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=unsafe-url&type=form',
|
||||
'origin': 'https://example.com/',
|
||||
'origin-when-cross-origin': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=origin-when-cross-origin&type=form',
|
||||
'no-referrer-when-downgrade': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=no-referrer-when-downgrade&type=form'
|
||||
'no-referrer-when-downgrade': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=no-referrer-when-downgrade&type=form',
|
||||
'same-origin': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=same-origin&type=form',
|
||||
'strict-origin': 'https://example.com/',
|
||||
'strict-origin-when-cross-origin':'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=strict-origin-when-cross-origin&type=form'
|
||||
}
|
||||
},
|
||||
// window.location is tested in a 2nd level iframe.
|
||||
@ -178,28 +202,40 @@ var EXPECTED_RESULTS = {
|
||||
'unsafe-url': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=unsafe-url&type=window.location',
|
||||
'origin': 'http://example.com/',
|
||||
'origin-when-cross-origin': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=origin-when-cross-origin&type=window.location',
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=no-referrer-when-downgrade&type=window.location'
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=no-referrer-when-downgrade&type=window.location',
|
||||
'same-origin': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=same-origin&type=window.location',
|
||||
'strict-origin': 'http://example.com/',
|
||||
'strict-origin-when-cross-origin':'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=http&policy=strict-origin-when-cross-origin&type=window.location'
|
||||
},
|
||||
'http-to-https': {
|
||||
'no-referrer': '',
|
||||
'unsafe-url': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=https&policy=unsafe-url&type=window.location',
|
||||
'origin': 'http://example.com/',
|
||||
'origin-when-cross-origin': 'http://example.com/',
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=https&policy=no-referrer-when-downgrade&type=window.location'
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=http&scheme-to=https&policy=no-referrer-when-downgrade&type=window.location',
|
||||
'same-origin': '',
|
||||
'strict-origin': 'http://example.com/',
|
||||
'strict-origin-when-cross-origin':'http://example.com/'
|
||||
},
|
||||
'https-to-http': {
|
||||
'no-referrer': '',
|
||||
'unsafe-url': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=http&policy=unsafe-url&type=window.location',
|
||||
'origin': 'https://example.com/',
|
||||
'origin-when-cross-origin': 'https://example.com/',
|
||||
'no-referrer-when-downgrade': ''
|
||||
'no-referrer-when-downgrade': '',
|
||||
'same-origin': '',
|
||||
'strict-origin': '',
|
||||
'strict-origin-when-cross-origin':''
|
||||
},
|
||||
'https-to-https': {
|
||||
'no-referrer': '',
|
||||
'unsafe-url': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=unsafe-url&type=window.location',
|
||||
'origin': 'https://example.com/',
|
||||
'origin-when-cross-origin': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=origin-when-cross-origin&type=window.location',
|
||||
'no-referrer-when-downgrade': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=no-referrer-when-downgrade&type=window.location'
|
||||
'no-referrer-when-downgrade': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=no-referrer-when-downgrade&type=window.location',
|
||||
'same-origin': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=same-origin&type=window.location',
|
||||
'strict-origin': 'https://example.com/',
|
||||
'strict-origin-when-cross-origin':'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-2nd-level-iframe&scheme-from=https&scheme-to=https&policy=strict-origin-when-cross-origin&type=window.location'
|
||||
}
|
||||
},
|
||||
'default': {
|
||||
@ -208,28 +244,40 @@ var EXPECTED_RESULTS = {
|
||||
'unsafe-url': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=http&policy=unsafe-url',
|
||||
'origin': 'http://example.com/',
|
||||
'origin-when-cross-origin': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=http&policy=origin-when-cross-origin',
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=http&policy=no-referrer-when-downgrade'
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=http&policy=no-referrer-when-downgrade',
|
||||
'same-origin': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=http&policy=same-origin',
|
||||
'strict-origin': 'http://example.com/',
|
||||
'strict-origin-when-cross-origin':'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=http&policy=strict-origin-when-cross-origin'
|
||||
},
|
||||
'http-to-https': {
|
||||
'no-referrer': '',
|
||||
'unsafe-url': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=https&policy=unsafe-url',
|
||||
'origin': 'http://example.com/',
|
||||
'origin-when-cross-origin': 'http://example.com/',
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=https&policy=no-referrer-when-downgrade'
|
||||
'no-referrer-when-downgrade': 'http://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=http&scheme-to=https&policy=no-referrer-when-downgrade',
|
||||
'same-origin': '',
|
||||
'strict-origin': 'http://example.com/',
|
||||
'strict-origin-when-cross-origin':'http://example.com/'
|
||||
},
|
||||
'https-to-http': {
|
||||
'no-referrer': '',
|
||||
'unsafe-url': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=https&scheme-to=http&policy=unsafe-url',
|
||||
'origin': 'https://example.com/',
|
||||
'origin-when-cross-origin': 'https://example.com/',
|
||||
'no-referrer-when-downgrade': ''
|
||||
'no-referrer-when-downgrade': '',
|
||||
'same-origin': '',
|
||||
'strict-origin': '',
|
||||
'strict-origin-when-cross-origin':''
|
||||
},
|
||||
'https-to-https': {
|
||||
'no-referrer': '',
|
||||
'unsafe-url': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=https&scheme-to=https&policy=unsafe-url',
|
||||
'origin': 'https://example.com/',
|
||||
'origin-when-cross-origin': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=https&scheme-to=https&policy=origin-when-cross-origin',
|
||||
'no-referrer-when-downgrade': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=https&scheme-to=https&policy=no-referrer-when-downgrade'
|
||||
'no-referrer-when-downgrade': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=https&scheme-to=https&policy=no-referrer-when-downgrade',
|
||||
'same-origin': 'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=https&scheme-to=https&policy=same-origin',
|
||||
'strict-origin': 'https://example.com/',
|
||||
'strict-origin-when-cross-origin':'https://example.com/tests/dom/base/test/bug704320.sjs?action=create-1st-level-iframe&scheme-from=https&scheme-to=https&policy=strict-origin-when-cross-origin'
|
||||
}
|
||||
}
|
||||
};
|
||||
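Review bot: The `'https-to-http'` blocks are where the new policies diverge from their non-strict counterparts, and nothing in the table says so. A short comment above those blocks would help, for example `// downgrade: same-origin and strict-* send no referrer; origin and origin-when-cross-origin still send the origin`, which is what the form, window.location and default rows show. As a style point, every new `'strict-origin-when-cross-origin':''` entry omits the space after the colon that all neighbouring keys in EXPECTED_RESULTS use; this repeats in each hunk of the table.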
|
@ -35,6 +35,11 @@
|
||||
META_POLICY: 'origin',
|
||||
DESC: "no-referrer (anchor) with origin in meta",
|
||||
RESULT: 'none'},
|
||||
{ATTRIBUTE_POLICY: 'same-origin',
|
||||
NAME: 'same-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
DESC: "same-origin with origin in meta",
|
||||
RESULT: 'full'},
|
||||
{NAME: 'no-referrer-in-meta',
|
||||
META_POLICY: 'no-referrer',
|
||||
DESC: "no-referrer in meta",
|
||||
@ -50,6 +55,20 @@
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin',
|
||||
NAME: 'origin-in-meta-strict-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'origin in meta strict-origin in attr',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'origin in meta strict-origin-when-cross-origin in attr',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
|
||||
// 2. No downgrade.
|
||||
{ATTRIBUTE_POLICY: 'no-referrer-when-downgrade',
|
||||
@ -59,6 +78,35 @@
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'https',
|
||||
RESULT: 'full'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin',
|
||||
NAME: 'origin-in-meta-strict-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'origin in meta strict-origin in attr',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'https',
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'origin in meta strict-origin-when-cross-origin in attr',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'https',
|
||||
RESULT: 'full'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'strict-origin-when-cross-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
SCHEME_FROM: 'http',
|
||||
SCHEME_TO: 'https',
|
||||
DESC: "strict-origin-when-cross-origin with origin in meta",
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'same-origin',
|
||||
NAME: 'same-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
SCHEME_FROM: 'http',
|
||||
SCHEME_TO: 'https',
|
||||
DESC: "same-origin with origin in meta",
|
||||
RESULT: 'none'},
|
||||
|
||||
// End of element attr overriding test..
|
||||
|
||||
{ATTRIBUTE_POLICY: 'origin',
|
||||
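Review bot: The added cases reuse one NAME and DESC for different scenarios: `'origin-in-meta-strict-origin-in-attr'` appears with SCHEME_TO `'http'` (RESULT `'none'`) and again with SCHEME_TO `'https'` (RESULT `'origin'`), and `'same-origin-with-origin-in-meta'` appears with RESULT `'full'` and with RESULT `'none'`. A failure message built from DESC cannot tell the downgrade case from the no-downgrade one, and if NAME is used as a key for stored results (not visible in this hunk) the entries could collide. Suffixing the scenario would fix both, e.g. `NAME: 'origin-in-meta-strict-origin-in-attr-downgrade'` with a matching DESC. The same duplication occurs in the iframe, prefetch and stylesheet test-case lists later in this commit.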
|
@ -23,6 +23,9 @@ var generateURLArray = (function(from, to){
|
||||
from + baseURL + from + schemeTo + to + '&policy=unsafe-url',
|
||||
from + baseURL + from + schemeTo + to + '&policy=origin',
|
||||
from + baseURL + from + schemeTo + to + '&policy=origin-when-cross-origin',
|
||||
from + baseURL + from + schemeTo + to + '&policy=same-origin',
|
||||
from + baseURL + from + schemeTo + to + '&policy=strict-origin',
|
||||
from + baseURL + from + schemeTo + to + '&policy=strict-origin-when-cross-origin',
|
||||
];
|
||||
});
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
||||
<script type="application/javascript;version=1.7">
|
||||
|
||||
const SJS = "://example.com/tests/dom/base/test/referrer_testserver.sjs?";
|
||||
const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY"];
|
||||
const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY", "SCHEME_FROM", "SCHEME_TO"];
|
||||
|
||||
const testCases = [
|
||||
{ACTION: ["generate-iframe-policy-test"],
|
||||
@ -44,7 +44,59 @@
|
||||
NAME: 'origin-with-no-meta',
|
||||
META_POLICY: '',
|
||||
DESC: "origin (iframe) with no meta",
|
||||
RESULT: 'origin'}]}
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'same-origin',
|
||||
NAME: 'same-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
DESC: "same-origin with origin in meta",
|
||||
RESULT: 'full'},
|
||||
|
||||
// 1. Downgrade.
|
||||
{ATTRIBUTE_POLICY: 'strict-origin',
|
||||
NAME: 'origin-in-meta-strict-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'origin in meta strict-origin in attr',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'origin in meta strict-origin-when-cross-origin in attr',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
|
||||
// 2. No downgrade.
|
||||
{ATTRIBUTE_POLICY: 'strict-origin',
|
||||
NAME: 'origin-in-meta-strict-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'origin in meta strict-origin in attr',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'https',
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'origin in meta strict-origin-when-cross-origin in attr',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'https',
|
||||
RESULT: 'full'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'strict-origin-when-cross-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
SCHEME_FROM: 'http',
|
||||
SCHEME_TO: 'https',
|
||||
DESC: "strict-origin-when-cross-origin with origin in meta",
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'same-origin',
|
||||
NAME: 'same-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
SCHEME_FROM: 'http',
|
||||
SCHEME_TO: 'https',
|
||||
DESC: "same-origin with origin in meta",
|
||||
RESULT: 'none'},
|
||||
]}
|
||||
];
|
||||
</script>
|
||||
<script type="application/javascript;version=1.7" src="/tests/dom/base/test/referrer_helper.js"></script>
|
||||
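Review bot: PARAMS now lists `SCHEME_FROM` and `SCHEME_TO`, but several cases in this list define neither key, for example `'origin-with-no-meta'` and the first `'same-origin-with-origin-in-meta'`. How a missing key is handled is decided in referrer_helper.js, which is outside this hunk, so it is worth confirming that absent keys are skipped rather than serialized as `undefined` into the test-server query string. Once confirmed, a one-line comment beside PARAMS stating that the two scheme keys are optional and what the default is would make the mixed list easier to read.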
|
@ -37,6 +37,12 @@
|
||||
REL: 'prefetch',
|
||||
DESC: "prefetch-no-referrer with origin in meta",
|
||||
RESULT: 'none'},
|
||||
{ATTRIBUTE_POLICY: 'same-origin',
|
||||
NAME: 'prefetch-same-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
REL: 'prefetch',
|
||||
DESC: "prefetch-same-origin with origin in meta",
|
||||
RESULT: 'full'},
|
||||
{NAME: 'prefetch-no-referrer-in-meta',
|
||||
META_POLICY: 'no-referrer',
|
||||
REL: 'prefetch',
|
||||
@ -52,6 +58,22 @@
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin',
|
||||
NAME: 'prefetch-origin-in-meta-strict-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'prefetch-origin in meta strict-origin in attr',
|
||||
REL: 'prefetch',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'prefetch-origin-in-meta-strict-origin-when-cross-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'prefetch-origin in meta strict-origin-when-cross-origin in attr',
|
||||
REL: 'prefetch',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
|
||||
// No downgrade.
|
||||
{ATTRIBUTE_POLICY: 'no-referrer-when-downgrade',
|
||||
@ -70,6 +92,23 @@
|
||||
DESC: "prefetch-origin with no meta",
|
||||
RESULT: 'origin'},
|
||||
|
||||
{ATTRIBUTE_POLICY: 'strict-origin',
|
||||
NAME: 'prefetch-origin-in-meta-strict-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'prefetch-origin in meta strict-origin in attr',
|
||||
REL: 'prefetch',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'https',
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'prefetch-origin-in-meta-strict-origin-when-cross-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'prefetch-origin in meta strict-origin-when-cross-origin in attr',
|
||||
REL: 'prefetch',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'https',
|
||||
RESULT: 'full'},
|
||||
|
||||
// Cross origin
|
||||
{ATTRIBUTE_POLICY: 'origin-when-cross-origin',
|
||||
NAME: 'prefetch-origin-when-cross-origin-with-no-meta',
|
||||
@ -103,6 +142,22 @@
|
||||
REL: 'prefetch',
|
||||
DESC: "prefetch-origin-when-cross-origin with origin in meta",
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'prefetch-strict-origin-when-cross-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
SCHEME_FROM: 'http',
|
||||
SCHEME_TO: 'https',
|
||||
REL: 'prefetch',
|
||||
DESC: "prefetch-strict-origin-when-cross-origin with origin in meta",
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'same-origin',
|
||||
NAME: 'prefetch-same-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
SCHEME_FROM: 'http',
|
||||
SCHEME_TO: 'https',
|
||||
REL: 'prefetch',
|
||||
DESC: "prefetch-same-origin with origin in meta",
|
||||
RESULT: 'none'},
|
||||
|
||||
// Invalid
|
||||
{ATTRIBUTE_POLICY: 'default',
|
||||
|
@ -37,6 +37,12 @@
|
||||
REL: 'stylesheet',
|
||||
DESC: "stylesheet-no-referrer with origin in meta",
|
||||
RESULT: 'none'},
|
||||
{ATTRIBUTE_POLICY: 'same-origin',
|
||||
NAME: 'stylesheet-same-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
REL: 'stylesheet',
|
||||
DESC: "stylesheet-same-origin with origin in meta",
|
||||
RESULT: 'full'},
|
||||
{NAME: 'stylesheet-no-referrer-in-meta',
|
||||
META_POLICY: 'no-referrer',
|
||||
REL: 'stylesheet',
|
||||
@ -51,6 +57,22 @@
|
||||
REL: 'stylesheet',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin',
|
||||
NAME: 'stylesheet-origin-in-meta-strict-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'stylesheet-origin in meta strict-origin in attr',
|
||||
REL: 'stylesheet',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'stylesheet-origin-in-meta-strict-origin-when-cross-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'stylesheet-origin in meta strict-origin-when-cross-origin in attr',
|
||||
REL: 'stylesheet',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'http',
|
||||
RESULT: 'none'},
|
||||
|
||||
// No downgrade.
|
||||
@ -70,6 +92,23 @@
|
||||
DESC: "stylesheet-origin with no meta",
|
||||
RESULT: 'origin'},
|
||||
|
||||
{ATTRIBUTE_POLICY: 'strict-origin',
|
||||
NAME: 'stylesheet-origin-in-meta-strict-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'stylesheet-origin in meta strict-origin in attr',
|
||||
REL: 'stylesheet',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'https',
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'stylesheet-origin-in-meta-strict-origin-when-cross-origin-in-attr',
|
||||
META_POLICY: 'origin',
|
||||
DESC: 'stylesheet-origin in meta strict-origin-when-cross-origin in attr',
|
||||
REL: 'stylesheet',
|
||||
SCHEME_FROM: 'https',
|
||||
SCHEME_TO: 'https',
|
||||
RESULT: 'full'},
|
||||
|
||||
// Cross origin
|
||||
{ATTRIBUTE_POLICY: 'origin-when-cross-origin',
|
||||
NAME: 'stylesheet-origin-when-cross-origin-with-no-meta',
|
||||
@ -103,6 +142,22 @@
|
||||
REL: 'stylesheet',
|
||||
DESC: "stylesheet-origin-when-cross-origin with origin in meta",
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin',
|
||||
NAME: 'stylesheet-strict-origin-when-cross-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
SCHEME_FROM: 'http',
|
||||
SCHEME_TO: 'https',
|
||||
REL: 'stylesheet',
|
||||
DESC: "stylesheet-strict-origin-when-cross-origin with origin in meta",
|
||||
RESULT: 'origin'},
|
||||
{ATTRIBUTE_POLICY: 'same-origin',
|
||||
NAME: 'stylesheet-same-origin-with-origin-in-meta',
|
||||
META_POLICY: 'origin',
|
||||
SCHEME_FROM: 'http',
|
||||
SCHEME_TO: 'https',
|
||||
REL: 'stylesheet',
|
||||
DESC: "stylesheet-same-origin with origin in meta",
|
||||
RESULT: 'none'},
|
||||
|
||||
// Invalid
|
||||
{ATTRIBUTE_POLICY: 'default',
|
||||
|
@ -37,6 +37,9 @@ var testCases = {
|
||||
'origin' : 'origin',
|
||||
'origin-when-cross-origin' : 'full',
|
||||
'unsafe-url' : 'full',
|
||||
'same-origin' : 'full',
|
||||
'strict-origin' : 'origin',
|
||||
'strict-origin-when-cross-origin' : 'full',
|
||||
'no-referrer' : 'none',
|
||||
'unsafe-url, no-referrer' : 'none',
|
||||
'invalid' : 'full' }},
|
||||
@ -45,6 +48,9 @@ var testCases = {
|
||||
'origin' : 'origin',
|
||||
'origin-when-cross-origin' : 'origin',
|
||||
'unsafe-url' : 'full',
|
||||
'same-origin' : 'none',
|
||||
'strict-origin' : 'origin',
|
||||
'strict-origin-when-cross-origin' : 'origin',
|
||||
'no-referrer' : 'none',
|
||||
'unsafe-url, no-referrer' : 'none',
|
||||
'invalid' : 'full' }},
|
||||
@ -56,6 +62,9 @@ var testCases = {
|
||||
'origin' : 'full',
|
||||
'origin-when-cross-origin"' : 'full',
|
||||
'unsafe-url' : 'full',
|
||||
'same-origin' : 'none',
|
||||
'strict-origin' : 'none',
|
||||
'strict-origin-when-cross-origin' : 'none',
|
||||
'no-referrer' : 'full',
|
||||
'unsafe-url, no-referrer' : 'none',
|
||||
'invalid' : 'full' }}, */
|
||||
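Review bot: The third hunk adds `'same-origin'`, `'strict-origin'` and `'strict-origin-when-cross-origin'` rows to a block that ends with `'invalid' : 'full' }}, */`, so these expectations appear to sit inside a commented-out test group and never run. That leaves the header-based test without an active group in which the strict policies are expected to send nothing, which is the behaviour that separates them from `'origin'`. The same block's context carries a stray double quote in the key `'origin-when-cross-origin"'`, which would stop that row from matching if the group is re-enabled. Either leave the disabled block untouched or add a comment stating why it is disabled and what must be fixed first; the opening of the comment is outside the hunk.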
|