Bug 1192940 - Support referrer policy in sendBeacon r=Ehsan

MozReview-Commit-ID: FEyqInOkiT6

--HG--
extra : rebase_source : 573e9b2c9ae906f7b75983c4cc4edcea7cfeff92

dom/base/Navigator.cpp

@@ -1213,7 +1213,8 @@ Navigator::SendBeaconInternal(const nsAString& aUrl,
     aRv.Throw(NS_ERROR_DOM_BAD_URI);
     return false;
   }
-  rv = httpChannel->SetReferrer(documentURI);
+  mozilla::net::ReferrerPolicy referrerPolicy = doc->GetReferrerPolicy();
+  rv = httpChannel->SetReferrerWithPolicy(documentURI, referrerPolicy);
   MOZ_ASSERT(NS_SUCCEEDED(rv));
 
   nsCOMPtr<nsIInputStream> in;

testing/web-platform/meta/MANIFEST.json

@@ -17754,6 +17754,16 @@
      {}
     ]
    ],
+   "beacon/headers/header-referrer.js": [
+    [
+     {}
+    ]
+   ],
+   "beacon/resources/inspect-header.py": [
+    [
+     {}
+    ]
+   ],
    "bluetooth/bluetooth-helpers.js": [
     [
      {}
@@ -81799,6 +81809,54 @@
      {}
     ]
    ],
+   "beacon/headers/header-referrer-no-referrer-when-downgrade.https.html": [
+    [
+     "/beacon/headers/header-referrer-no-referrer-when-downgrade.https.html",
+     {}
+    ]
+   ],
+   "beacon/headers/header-referrer-no-referrer.html": [
+    [
+     "/beacon/headers/header-referrer-no-referrer.html",
+     {}
+    ]
+   ],
+   "beacon/headers/header-referrer-origin-when-cross-origin.html": [
+    [
+     "/beacon/headers/header-referrer-origin-when-cross-origin.html",
+     {}
+    ]
+   ],
+   "beacon/headers/header-referrer-origin.html": [
+    [
+     "/beacon/headers/header-referrer-origin.html",
+     {}
+    ]
+   ],
+   "beacon/headers/header-referrer-same-origin.html": [
+    [
+     "/beacon/headers/header-referrer-same-origin.html",
+     {}
+    ]
+   ],
+   "beacon/headers/header-referrer-strict-origin-when-cross-origin.https.html": [
+    [
+     "/beacon/headers/header-referrer-strict-origin-when-cross-origin.https.html",
+     {}
+    ]
+   ],
+   "beacon/headers/header-referrer-strict-origin.https.html": [
+    [
+     "/beacon/headers/header-referrer-strict-origin.https.html",
+     {}
+    ]
+   ],
+   "beacon/headers/header-referrer-unsafe-url.https.html": [
+    [
+     "/beacon/headers/header-referrer-unsafe-url.https.html",
+     {}
+    ]
+   ],
    "clear-site-data/navigation.html": [
     [
      "/clear-site-data/navigation.html",
@@ -139552,6 +139610,46 @@
    "61b61d09a21daee964e0ebd26f7bdfdd1964c8ae",
    "support"
   ],
+  "beacon/headers/header-referrer-no-referrer-when-downgrade.https.html": [
+   "273c7d0110d5efc9fac0029cd257256894d3eb4b",
+   "testharness"
+  ],
+  "beacon/headers/header-referrer-no-referrer.html": [
+   "26a0a9453b36efbadb05c8185efe7f9a0d9d54c9",
+   "testharness"
+  ],
+  "beacon/headers/header-referrer-origin-when-cross-origin.html": [
+   "9633758fe59279cfe93333989d26c017f59ab2ac",
+   "testharness"
+  ],
+  "beacon/headers/header-referrer-origin.html": [
+   "1329850363c327533f50e509c6a48f6e4b1ed4bb",
+   "testharness"
+  ],
+  "beacon/headers/header-referrer-same-origin.html": [
+   "9701f2f0a83c6eeefe781d7de2c0cdbcff38b58e",
+   "testharness"
+  ],
+  "beacon/headers/header-referrer-strict-origin-when-cross-origin.https.html": [
+   "79b4a278f0e35646cfdffeebf8f0523e2772bc9b",
+   "testharness"
+  ],
+  "beacon/headers/header-referrer-strict-origin.https.html": [
+   "295ef746c475fca0ae8b492375a48948b4ea19c3",
+   "testharness"
+  ],
+  "beacon/headers/header-referrer-unsafe-url.https.html": [
+   "a7b6e697be165124ed5d6846335c8d3a38ee98f5",
+   "testharness"
+  ],
+  "beacon/headers/header-referrer.js": [
+   "1836174ce84714c39333a4cf863ec994ed70ff93",
+   "support"
+  ],
+  "beacon/resources/inspect-header.py": [
+   "e70503e7fb71617b9be631d5f2a9e73cacd83e3f",
+   "support"
+  ],
   "bluetooth/bluetooth-helpers.js": [
    "9794b578f1c5c08126fc10653e4beed1f1721d0c",
    "support"
@@ -164832,7 +164930,7 @@
    "44b2d8846c79ddf7eb8cb3ab76d8899b7e783fad",
    "manual"
   ],
-  "geolocation-API/getCurrentPosition_permission_deny.html": [
+  "geolocation-API/getCurrentPosition_permission_deny.https.html": [
    "28939dd8e719ba66497a814edd1f4500ad348e95",
    "testharness"
   ],
@@ -176681,11 +176779,11 @@
    "testharness"
   ],
   "html/semantics/forms/textfieldselection/selection-start-end.html": [
-   "1f3184b72aba5631d6db4379dfa98035ee047283",
+   "755fb11ec3d9440d3883ec3e2820a9e77fc144ae",
    "testharness"
   ],
   "html/semantics/forms/textfieldselection/selection.html": [
-   "f7674721b84ec8fca0e5e40258447ce857b87784",
+   "7f3969423e86313ec20846c84f8deecc95048b82",
    "testharness"
   ],
   "html/semantics/forms/textfieldselection/textfieldselection-setRangeText.html": [
@@ -176693,7 +176791,7 @@
    "testharness"
   ],
   "html/semantics/forms/textfieldselection/textfieldselection-setSelectionRange.html": [
-   "462049246a2ef3e66c22017ec6ad362e07b467e6",
+   "ffcef015b49fd156cc529117509f0ae0a38234bd",
    "testharness"
   ],
   "html/semantics/forms/the-button-element/.gitkeep": [
@@ -179461,7 +179559,7 @@
    "testharness"
   ],
   "html/webappapis/scripting/events/event-handler-processing-algorithm.html": [
-   "a7c163d53eb559ea710527cace404ed88e9c4d0a",
+   "9a1fa2065ba742d6ab945065d65bdc0f60783d94",
    "testharness"
   ],
   "html/webappapis/scripting/events/event-handler-spec-example.html": [
@@ -200141,7 +200239,7 @@
    "testharness"
   ],
   "service-workers/service-worker/postmessage-from-waiting-serviceworker.https.html": [
-   "a3a2734be01c2e410a32daf9342f1e211ce22325",
+   "99519ec3ef70e08fe42fce50bb6e9d643a2daa9f",
    "testharness"
   ],
   "service-workers/service-worker/postmessage-msgport-to-client.https.html": [
@@ -200309,7 +200407,7 @@
    "support"
   ],
   "service-workers/service-worker/resources/echo-message-to-source-worker.js": [
-   "449055cd2d8c41f2e3c78a8a748287faee664759",
+   "760b04aa2e36f55cfdbea0871a7424f787734a6e",
    "support"
   ],
   "service-workers/service-worker/resources/empty-but-slow-worker.js": [
@@ -219277,7 +219375,7 @@
    "support"
   ],
   "webvtt/webvtt-file-format-parsing/webvtt-file-parsing/support/newlines.vtt": [
-   "ba3848383a2197647a9c34c52150991ecb87f22a",
+   "a5bfb88a0066da230fbf05f0cf9d200f73c0bb12",
    "support"
   ],
   "webvtt/webvtt-file-format-parsing/webvtt-file-parsing/support/no-signature.vtt": [

testing/web-platform/meta/beacon/headers/header-referrer-no-referrer-when-downgrade.https.html.ini

@@ -0,0 +1,3 @@
+[header-referrer-no-referrer-when-downgrade.https.html]
+  type: testharness
+  prefs: [security.mixed_content.block_active_content:false, security.mixed_content.block_display_content:false]

testing/web-platform/meta/beacon/headers/header-referrer-strict-origin-when-cross-origin.https.html.ini

@@ -0,0 +1,4 @@
+[header-referrer-strict-origin-when-cross-origin.https.html]
+  type: testharness
+  prefs: [security.mixed_content.block_active_content:false, security.mixed_content.block_display_content:false]
+

testing/web-platform/meta/beacon/headers/header-referrer-strict-origin.https.html.ini

@@ -0,0 +1,3 @@
+[header-referrer-strict-origin.https.html]
+  type: testharness
+  prefs: [security.mixed_content.block_active_content:false, security.mixed_content.block_display_content:false]

testing/web-platform/meta/beacon/headers/header-referrer-unsafe-url.https.html.ini

@@ -0,0 +1,3 @@
+[header-referrer-unsafe-url.https.html]
+  type: testharness
+  prefs: [security.mixed_content.block_active_content:false, security.mixed_content.block_display_content:false]

testing/web-platform/mozilla/meta/MANIFEST.json

@@ -900,7 +900,7 @@
    "testharness"
   ],
   "html/semantics/forms/textfieldselection/selection-value-interactions.html": [
-   "6c5e95a8f2f11d106e669eb82b46ffff73d08335",
+   "2083d78d4a6a7b48994f17909790dfeb1ac903ae",
    "testharness"
   ],
   "html/semantics/scripting-1/the-script-element/create-module-script.html": [

testing/web-platform/tests/beacon/headers/header-referrer-no-referrer-when-downgrade.https.html

@@ -0,0 +1,21 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>SendBeacon Referrer Header No Referrer When Downgrade Policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <meta name='referrer' content='no-referrer-when-downgrade'>
+  </head>
+  <body>
+    <script src="/common/utils.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="/beacon/headers/header-referrer.js"></script>
+    <script>
+      var testBase = get_host_info().HTTPS_ORIGIN + RESOURCES_DIR;
+      testReferrerHeader(testBase, referrerUrl);
+      testBase = get_host_info().HTTP_ORIGIN + RESOURCES_DIR;
+      testReferrerHeader(testBase, "");
+    </script>
+  </body>
+</html>

testing/web-platform/tests/beacon/headers/header-referrer-no-referrer.html

@@ -0,0 +1,19 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>SendBeacon Referrer Header No Referrer Policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <meta name='referrer' content='no-referrer'>
+  </head>
+  <body>
+    <script src="/common/utils.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="header-referrer.js"></script>
+    <script>
+      var testBase = RESOURCES_DIR;
+      testReferrerHeader(testBase, "");
+    </script>
+  </body>
+</html>

testing/web-platform/tests/beacon/headers/header-referrer-origin-when-cross-origin.html

@@ -0,0 +1,21 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>SendBeacon Referrer Header Origin When Cross Origin Policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <meta name='referrer' content='origin-when-cross-origin'>
+  </head>
+  <body>
+    <script src="/common/utils.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="header-referrer.js"></script>
+    <script>
+      var testBase = get_host_info().HTTP_ORIGIN + RESOURCES_DIR;
+      testReferrerHeader(testBase, referrerUrl);
+      testBase = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR;
+      testReferrerHeader(testBase, referrerOrigin);
+    </script>
+  </body>
+</html>

testing/web-platform/tests/beacon/headers/header-referrer-origin.html

@@ -0,0 +1,19 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>SendBeacon Referrer Header Origin Policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <meta name='referrer' content='origin'>
+  </head>
+  <body>
+    <script src="/common/utils.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="header-referrer.js"></script>
+    <script>
+      var testBase = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR;
+      testReferrerHeader(testBase, referrerOrigin);
+    </script>
+  </body>
+</html>

testing/web-platform/tests/beacon/headers/header-referrer-same-origin.html

@@ -0,0 +1,21 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>SendBeacon Referrer Header Same Origin Policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <meta name='referrer' content='same-origin'>
+  </head>
+  <body>
+    <script src="/common/utils.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="header-referrer.js"></script>
+    <script>
+      var testBase = RESOURCES_DIR;
+      testReferrerHeader(testBase, referrerUrl);
+      testBase = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR;
+      testReferrerHeader(testBase, "");
+    </script>
+  </body>
+</html>

testing/web-platform/tests/beacon/headers/header-referrer-strict-origin-when-cross-origin.https.html

@@ -0,0 +1,21 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>SendBeacon Referrer Header Strict Origin Policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <meta name='referrer' content='strict-origin'>
+  </head>
+  <body>
+    <script src="/common/utils.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="/beacon/headers/header-referrer.js"></script>
+    <script>
+      var testBase = get_host_info().HTTPS_ORIGIN +  RESOURCES_DIR;
+      testReferrerHeader(testBase, referrerOrigin);
+      testBase = get_host_info().HTTP_ORIGIN + RESOURCES_DIR;
+      testReferrerHeader(testBase, "");
+    </script>
+  </body>
+</html>

testing/web-platform/tests/beacon/headers/header-referrer-strict-origin.https.html

@@ -0,0 +1,21 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>SendBeacon Referrer Header Strict Origin Policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <meta name='referrer' content='strict-origin'>
+  </head>
+  <body>
+    <script src="/common/utils.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="/beacon/headers/header-referrer.js"></script>
+    <script>
+      var testBase = get_host_info().HTTPS_ORIGIN +  RESOURCES_DIR;
+      testReferrerHeader(testBase, referrerOrigin);
+      testBase = get_host_info().HTTP_ORIGIN + RESOURCES_DIR;
+      testReferrerHeader(testBase, "");
+    </script>
+  </body>
+</html>

testing/web-platform/tests/beacon/headers/header-referrer-unsafe-url.https.html

@@ -0,0 +1,19 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>SendBeacon Referrer Header Unsafe Url Policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <meta name='referrer' content='unsafe-url'>
+  </head>
+  <body>
+    <script src="/common/utils.js"></script>
+    <script src="/common/get-host-info.sub.js"></script>
+    <script src="/beacon/headers/header-referrer.js"></script>
+    <script>
+      var testBase = get_host_info().HTTP_ORIGIN + RESOURCES_DIR;
+      testReferrerHeader(testBase, referrerUrl);
+    </script>
+  </body>
+</html>

testing/web-platform/tests/beacon/headers/header-referrer.js

@@ -0,0 +1,41 @@
+var RESOURCES_DIR = "/beacon/resources/";
+
+var referrerOrigin = self.location.origin + '/';
+var referrerUrl = self.location.href;
+
+function testReferrerHeader(testBase, expectedReferrer) {
+  var id = self.token();
+  var testUrl = testBase + "inspect-header.py?header=referer&cmd=put&id=" + id;
+
+  promise_test(function(test) {
+    assert_true(navigator.sendBeacon(testUrl), "SendBeacon Succeeded");
+    return pollResult(expectedReferrer, id) .then(result => {
+      assert_equals(result, expectedReferrer, "Correct referrer header result");
+    });
+  }, "Successful test ");
+}
+
+// SendBeacon is an asynchronous and non-blocking request to a web server.
+// We may have to create a poll loop to get result from server
+function pollResult(expectedReferrer, id) {
+  var checkUrl = RESOURCES_DIR + "inspect-header.py?header=referer&cmd=get&id=" + id;
+
+  return new Promise(resolve => {
+    function checkResult() {
+      fetch(checkUrl).then(
+        function(response) {
+          assert_equals(response.status, 200, "Inspect header response's status is 200");
+          let result = response.headers.get("x-request-referer");
+
+          if (result != undefined) {
+            resolve(result);
+          } else {
+            step_timeout(checkResult.bind(this), 100);
+          }
+        });
+    }
+
+    checkResult();
+  });
+
+}

testing/web-platform/tests/beacon/resources/inspect-header.py

@@ -0,0 +1,18 @@
+def main(request, response):
+    headers = [("Content-Type", "text/plain")]
+    command = request.GET.first("cmd").lower();
+    test_id = request.GET.first("id")
+    header = request.GET.first("header")
+    if command == "put":
+        request.server.stash.put(test_id, request.headers.get(header, ""))
+
+    elif command == "get":
+        stashed_header = request.server.stash.take(test_id)
+        if stashed_header is not None:
+            headers.append(("x-request-" + header, stashed_header ))
+
+    else:
+        response.set_error(400, "Bad Command")
+        return "ERROR: Bad Command!"
+
+    return headers, ""