Bug 1251873
- Store the trimmed referrer URL on HTTP channel if a trimming referrer policy is in effect; r=mcmanus
Failure to do this will result in the consumers of nsIHttpChannel::GetReferrer() observing the wrong referrer. The test in this patch shows the scenarios which would fail under such conditions.
parent
b14c9d9cba
commit
baf9a67550
@ -1505,6 +1505,12 @@ HttpBaseChannel::SetReferrerWithPolicy(nsIURI *referrer,
|
||||
break;
|
||||
}
|
||||
|
||||
// If any user trimming policy is in effect, use the trimmed URI.
|
||||
if (userReferrerTrimmingPolicy) {
|
||||
rv = NS_NewURI(getter_AddRefs(clone), spec);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
}
|
||||
|
||||
// finally, remember the referrer URI and set the Referer header.
|
||||
rv = SetRequestHeader(NS_LITERAL_CSTRING("Referer"), spec, false);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
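Review bot: The comment on the added `if (userReferrerTrimmingPolicy)` block does not say that the stored referrer is rebuilt by re-parsing `spec`, so it can differ textually from the header that is actually sent. The accompanying test's ORIGIN case expects a header of `https://test.example` but a stored spec of `https://test.example/`. Since the purpose is that nsIHttpChannel::GetReferrer() consumers never observe more of the URL than the Referer header discloses, I would widen the comment to something like `// Re-parse the trimmed spec so the stored referrer never exposes more than the Referer header; NS_NewURI may normalize it (e.g. add a trailing "/").` The assignment that stores `clone` as the channel's referrer is not visible here, and SetReferrerWithPolicy starts and ends outside this hunk, so it is worth confirming that no path reaches that assignment with the untrimmed clone.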
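--- /dev/null
+++ b/netwerk/test/unit/test_referrer_policy.js
@@ -0,0 +1,77 @@
+Cu.import("resource://gre/modules/NetUtil.jsm");
+
+function test_policy(test) {
+do_print("Running test: " + test.toSource());
+
+var uri = NetUtil.newURI(test.url, "", null)
+var chan = NetUtil.newChannel({
+uri: uri,
+loadUsingSystemPrincipal: true
+});
+
+var referrer = NetUtil.newURI(test.referrer, "", null);
+chan.QueryInterface(Components.interfaces.nsIHttpChannel);
+chan.setReferrerWithPolicy(referrer, test.policy);
+if (test.expectedHeader === undefined) {
+try {
+chan.getRequestHeader("Referer");
+do_throw("Should not find a Referer header!");
+} catch(e) {
+}
+do_check_eq(chan.referrer, null);
+} else {
+var header = chan.getRequestHeader("Referer");
+do_check_eq(header, test.expectedHeader);
+do_check_eq(chan.referrer.spec, test.expectedReferrerSpec);
+}
+}
+
+const nsIHttpChannel = Ci.nsIHttpChannel;
+var gTests = [
+{
+policy: nsIHttpChannel.REFERRER_POLICY_DEFAULT,
+url: "https://test.example/foo",
+referrer: "https://test.example/referrer",
+expectedHeader: "https://test.example/referrer",
+expectedReferrerSpec: "https://test.example/referrer"
+},
+{
+policy: nsIHttpChannel.REFERRER_POLICY_DEFAULT,
+url: "http://test.example/foo",
+referrer: "https://test.example/referrer",
+expectedHeader: undefined,
+expectedReferrerSpec: undefined
+},
+{
+policy: nsIHttpChannel.REFERRER_POLICY_NO_REFERRER,
+url: "https://test.example/foo",
+referrer: "https://test.example/referrer",
+expectedHeader: undefined,
+expectedReferrerSpec: undefined
+},
+{
+policy: nsIHttpChannel.REFERRER_POLICY_ORIGIN,
+url: "https://test.example/foo",
+referrer: "https://test.example/referrer",
+expectedHeader: "https://test.example",
+expectedReferrerSpec: "https://test.example/"
+},
+{
+policy: nsIHttpChannel.REFERRER_POLICY_UNSAFE_URL,
+url: "https://test.example/foo",
+referrer: "https://test.example/referrer",
+expectedHeader: "https://test.example/referrer",
+expectedReferrerSpec: "https://test.example/referrer"
+},
+{
+policy: nsIHttpChannel.REFERRER_POLICY_UNSAFE_URL,
+url: "http://test.example/foo",
+referrer: "https://test.example/referrer",
+expectedHeader: "https://test.example/referrer",
+expectedReferrerSpec: "https://test.example/referrer"
+},
+];
+
+function run_test() {
+gTests.forEach(test => test_policy(test));
+}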
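Review bot: In the `test.expectedHeader === undefined` branch of test_policy, `do_throw("Should not find a Referer header!")` sits inside the `try` whose empty `catch(e) {}` swallows every exception. The negative check therefore depends on do_throw recording the failure before it unwinds, and it accepts any error from getRequestHeader rather than only the missing-header one. I would record the outcome and assert outside the try: `var threw = false; try { chan.getRequestHeader("Referer"); } catch (e) { threw = true; }` followed by `do_check_true(threw);`. The gTests table also has no referrer carrying a query string, and no case for a trimming level chosen by user preference (if that is what `userReferrerTrimmingPolicy` in the C++ hunk reflects); those are the inputs where a stale, untrimmed `chan.referrer` would disclose the most.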
@ -315,6 +315,7 @@ skip-if = os == "android"
|
||||
[test_about_networking.js]
|
||||
[test_ping_aboutnetworking.js]
|
||||
[test_referrer.js]
|
||||
[test_referrer_policy.js]
|
||||
[test_predictor.js]
|
||||
# Android version detection w/in gecko does not work right on infra, so we just
|
||||
# disable this test on all android versions, even though it's enabled on 2.3+ in
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via fetch-request using the http-csp\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via iframe-tag using the http-csp\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via script-tag using the http-csp\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via xhr-request using the http-csp\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via fetch-request using the meta-csp\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via iframe-tag using the meta-csp\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via script-tag using the meta-csp\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via xhr-request using the meta-csp\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via fetch-request using the meta-referrer\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via iframe-tag using the meta-referrer\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via script-tag using the meta-referrer\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|
@ -1,5 +0,0 @@
|
||||
[cross-origin.swap-origin-redirect.http.html]
|
||||
type: testharness
|
||||
[The referrer URL is origin when a\n document served over http requires an http\n sub-resource via xhr-request using the meta-referrer\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
|
||||
expected: FAIL
|
||||
|