mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-24 18:55:30 +00:00
4d5d691957
Since bug 822869 the referrer trimming has relied on using prePath when trimming resulting in non-ASCII hosts being passed through in UTF-8 (or whatever their encoding was.) Prior to this patch, the logic when trimming was to generate the referrer string using prePath and possibly nsIURL.filePath, then re-derive the nsIURI from that string. Concerned about the cost of introducing asciiPrePath just for this consumer, I opted to have the code just combine the scheme and asciiHostPort to approximate the prior use of prePath. (userPass is explicitly cleared by the code.) Concerned about weirdness/loss of fidelity in the nsIURI, I replaced the code that re-derived the URI from the spec string with manual clearing of the parts of the URI/URL we were not including. This may not be the right thing to do. I modified the existing Gecko-specific test coverage of SetReferrerPolicy. The existing web platform tests and referrer policy didn't seem concerned with this case, and the bug is indeed localized to a very small segment of Gecko code. Note that the userReferrerTrimmingPolicy=1 bug case can only be triggered by explicit user preference setting and this is only tested in test_referrer.js. userReferrerTrimmingPolicy=2 need not be set by preference if REFERRER_POLICY_ORIGIN or REFERRER_POLICY_ORIGIN_WHEN_XORIGIN (when cross origin) is used.
96 lines
3.0 KiB
JavaScript
96 lines
3.0 KiB
JavaScript
Cu.import("resource://gre/modules/NetUtil.jsm");
|
|
|
|
function test_policy(test) {
|
|
do_print("Running test: " + test.toSource());
|
|
|
|
var uri = NetUtil.newURI(test.url, "", null)
|
|
var chan = NetUtil.newChannel({
|
|
uri: uri,
|
|
loadUsingSystemPrincipal: true
|
|
});
|
|
|
|
var referrer = NetUtil.newURI(test.referrer, "", null);
|
|
chan.QueryInterface(Components.interfaces.nsIHttpChannel);
|
|
chan.setReferrerWithPolicy(referrer, test.policy);
|
|
if (test.expectedReferrerSpec === undefined) {
|
|
try {
|
|
chan.getRequestHeader("Referer");
|
|
do_throw("Should not find a Referer header!");
|
|
} catch(e) {
|
|
}
|
|
do_check_eq(chan.referrer, null);
|
|
} else {
|
|
var header = chan.getRequestHeader("Referer");
|
|
do_check_eq(header, test.expectedReferrerSpec);
|
|
do_check_eq(chan.referrer.asciiSpec, test.expectedReferrerSpec);
|
|
}
|
|
}
|
|
|
|
const nsIHttpChannel = Ci.nsIHttpChannel;
|
|
var gTests = [
|
|
{
|
|
policy: nsIHttpChannel.REFERRER_POLICY_DEFAULT,
|
|
url: "https://test.example/foo",
|
|
referrer: "https://test.example/referrer",
|
|
expectedReferrerSpec: "https://test.example/referrer"
|
|
},
|
|
{
|
|
policy: nsIHttpChannel.REFERRER_POLICY_DEFAULT,
|
|
url: "https://sub1.\xe4lt.example/foo",
|
|
referrer: "https://sub1.\xe4lt.example/referrer",
|
|
expectedReferrerSpec: "https://sub1.xn--lt-uia.example/referrer"
|
|
},
|
|
{
|
|
policy: nsIHttpChannel.REFERRER_POLICY_DEFAULT,
|
|
url: "http://test.example/foo",
|
|
referrer: "https://test.example/referrer",
|
|
expectedReferrerSpec: undefined
|
|
},
|
|
{
|
|
policy: nsIHttpChannel.REFERRER_POLICY_NO_REFERRER,
|
|
url: "https://test.example/foo",
|
|
referrer: "https://test.example/referrer",
|
|
expectedReferrerSpec: undefined
|
|
},
|
|
{
|
|
policy: nsIHttpChannel.REFERRER_POLICY_ORIGIN,
|
|
url: "https://test.example/foo",
|
|
referrer: "https://test.example/referrer",
|
|
expectedReferrerSpec: "https://test.example/"
|
|
},
|
|
{
|
|
policy: nsIHttpChannel.REFERRER_POLICY_ORIGIN,
|
|
url: "https://sub1.\xe4lt.example/foo",
|
|
referrer: "https://sub1.\xe4lt.example/referrer",
|
|
expectedReferrerSpec: "https://sub1.xn--lt-uia.example/"
|
|
},
|
|
{
|
|
policy: nsIHttpChannel.REFERRER_POLICY_UNSAFE_URL,
|
|
url: "https://test.example/foo",
|
|
referrer: "https://test.example/referrer",
|
|
expectedReferrerSpec: "https://test.example/referrer"
|
|
},
|
|
{
|
|
policy: nsIHttpChannel.REFERRER_POLICY_UNSAFE_URL,
|
|
url: "https://sub1.\xe4lt.example/foo",
|
|
referrer: "https://sub1.\xe4lt.example/referrer",
|
|
expectedReferrerSpec: "https://sub1.xn--lt-uia.example/referrer"
|
|
},
|
|
{
|
|
policy: nsIHttpChannel.REFERRER_POLICY_UNSAFE_URL,
|
|
url: "http://test.example/foo",
|
|
referrer: "https://test.example/referrer",
|
|
expectedReferrerSpec: "https://test.example/referrer"
|
|
},
|
|
{
|
|
policy: nsIHttpChannel.REFERRER_POLICY_UNSAFE_URL,
|
|
url: "http://sub1.\xe4lt.example/foo",
|
|
referrer: "https://sub1.\xe4lt.example/referrer",
|
|
expectedReferrerSpec: "https://sub1.xn--lt-uia.example/referrer"
|
|
},
|
|
];
|
|
|
|
function run_test() {
|
|
gTests.forEach(test => test_policy(test));
|
|
}
|