netwerk/test/unit/test_referrer_cross_origin.js

   1 /* Any copyright is dedicated to the Public Domain.
   2  * http://creativecommons.org/publicdomain/zero/1.0/
   3  */
   4 "use strict";
   5
   6 const ReferrerInfo = Components.Constructor(
   7   "@mozilla.org/referrer-info;1",
   8   "nsIReferrerInfo",
   9   "init"
  10 );
  11
  12 function test_policy(test) {
  13   info("Running test: " + test.toSource());
  14
  15   let prefs = Services.prefs;
  16
  17   if (test.trimmingPolicy !== undefined) {
  18     prefs.setIntPref(
  19       "network.http.referer.trimmingPolicy",
  20       test.trimmingPolicy
  21     );
  22   } else {
  23     prefs.setIntPref("network.http.referer.trimmingPolicy", 0);
  24   }
  25
  26   if (test.XOriginTrimmingPolicy !== undefined) {
  27     prefs.setIntPref(
  28       "network.http.referer.XOriginTrimmingPolicy",
  29       test.XOriginTrimmingPolicy
  30     );
  31   } else {
  32     prefs.setIntPref("network.http.referer.XOriginTrimmingPolicy", 0);
  33   }
  34
  35   if (test.disallowRelaxingDefault) {
  36     prefs.setBoolPref(
  37       "network.http.referer.disallowCrossSiteRelaxingDefault",
  38       test.disallowRelaxingDefault
  39     );
  40   } else {
  41     prefs.setBoolPref(
  42       "network.http.referer.disallowCrossSiteRelaxingDefault",
  43       false
  44     );
  45   }
  46
  47   let referrer = NetUtil.newURI(test.referrer);
  48   let triggeringPrincipal =
  49     Services.scriptSecurityManager.createContentPrincipal(referrer, {});
  50   let chan = NetUtil.newChannel({
  51     uri: test.url,
  52     loadingPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
  53     triggeringPrincipal,
  54     contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
  55     securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
  56   });
  57
  58   chan.QueryInterface(Ci.nsIHttpChannel);
  59   chan.referrerInfo = new ReferrerInfo(test.policy, true, referrer);
  60
  61   if (test.expectedReferrerSpec === undefined) {
  62     try {
  63       chan.getRequestHeader("Referer");
  64       do_throw("Should not find a Referer header!");
  65     } catch (e) {}
  66   } else {
  67     let header = chan.getRequestHeader("Referer");
  68     Assert.equal(header, test.expectedReferrerSpec);
  69   }
  70 }
  71
  72 const nsIReferrerInfo = Ci.nsIReferrerInfo;
  73 var gTests = [
  74   // Test same origin policy w/o cross origin
  75   {
  76     policy: nsIReferrerInfo.SAME_ORIGIN,
  77     url: "https://test.example/foo?a",
  78     referrer: "https://test.example/foo?a",
  79     expectedReferrerSpec: "https://test.example/foo?a",
  80   },
  81   {
  82     policy: nsIReferrerInfo.SAME_ORIGIN,
  83     url: "https://test.example/foo?a",
  84     referrer: "https://foo.example/foo?a",
  85     expectedReferrerSpec: undefined,
  86   },
  87   {
  88     policy: nsIReferrerInfo.SAME_ORIGIN,
  89     trimmingPolicy: 1,
  90     url: "https://test.example/foo?a",
  91     referrer: "https://test.example/foo?a",
  92     expectedReferrerSpec: "https://test.example/foo",
  93   },
  94   {
  95     policy: nsIReferrerInfo.SAME_ORIGIN,
  96     trimmingPolicy: 1,
  97     url: "https://test.example/foo?a",
  98     referrer: "https://foo.example/foo?a",
  99     expectedReferrerSpec: undefined,
 100   },
 101   {
 102     policy: nsIReferrerInfo.SAME_ORIGIN,
 103     trimmingPolicy: 2,
 104     url: "https://test.example/foo?a",
 105     referrer: "https://test.example/foo?a",
 106     expectedReferrerSpec: "https://test.example/",
 107   },
 108   {
 109     policy: nsIReferrerInfo.SAME_ORIGIN,
 110     trimmingPolicy: 2,
 111     url: "https://test.example/foo?a",
 112     referrer: "https://foo.example/foo?a",
 113     expectedReferrerSpec: undefined,
 114   },
 115
 116   // Test origin when xorigin policy w/o cross origin
 117   {
 118     policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
 119     url: "https://test.example/foo?a",
 120     referrer: "https://test.example/foo?a",
 121     expectedReferrerSpec: "https://test.example/foo?a",
 122   },
 123   {
 124     policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
 125     url: "https://test.example/foo?a",
 126     referrer: "https://foo.example/foo?a",
 127     expectedReferrerSpec: "https://foo.example/",
 128   },
 129   {
 130     policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
 131     trimmingPolicy: 1,
 132     url: "https://test.example/foo?a",
 133     referrer: "https://test.example/foo?a",
 134     expectedReferrerSpec: "https://test.example/foo",
 135   },
 136   {
 137     policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
 138     trimmingPolicy: 1,
 139     url: "https://test.example/foo?a",
 140     referrer: "https://foo.example/foo?a",
 141     expectedReferrerSpec: "https://foo.example/",
 142   },
 143   {
 144     policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
 145     trimmingPolicy: 2,
 146     url: "https://test.example/foo?a",
 147     referrer: "https://test.example/foo?a",
 148     expectedReferrerSpec: "https://test.example/",
 149   },
 150   {
 151     policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
 152     trimmingPolicy: 2,
 153     url: "https://test.example/foo?a",
 154     referrer: "https://foo.example/foo?a",
 155     expectedReferrerSpec: "https://foo.example/",
 156   },
 157   {
 158     policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
 159     XOriginTrimmingPolicy: 1,
 160     url: "https://test.example/foo?a",
 161     referrer: "https://test.example/foo?a",
 162     expectedReferrerSpec: "https://test.example/foo?a",
 163   },
 164   {
 165     policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
 166     XOriginTrimmingPolicy: 1,
 167     url: "https://test.example/foo?a",
 168     referrer: "https://foo.example/foo?a",
 169     expectedReferrerSpec: "https://foo.example/",
 170   },
 171   {
 172     policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
 173     XOriginTrimmingPolicy: 2,
 174     url: "https://test.example/foo?a",
 175     referrer: "https://test.example/foo?a",
 176     expectedReferrerSpec: "https://test.example/foo?a",
 177   },
 178   {
 179     policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
 180     XOriginTrimmingPolicy: 2,
 181     url: "https://test.example/foo?a",
 182     referrer: "https://foo.example/foo?a",
 183     expectedReferrerSpec: "https://foo.example/",
 184   },
 185
 186   // Test strict origin when xorigin policy w/o cross origin
 187   {
 188     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 189     url: "https://test.example/foo?a",
 190     referrer: "https://test.example/foo?a",
 191     expectedReferrerSpec: "https://test.example/foo?a",
 192   },
 193   {
 194     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 195     url: "https://test.example/foo?a",
 196     referrer: "https://foo.example/foo?a",
 197     expectedReferrerSpec: "https://foo.example/",
 198   },
 199   {
 200     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 201     url: "http://test.example/foo?a",
 202     referrer: "https://foo.example/foo?a",
 203     expectedReferrerSpec: undefined,
 204   },
 205   {
 206     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 207     trimmingPolicy: 1,
 208     url: "https://test.example/foo?a",
 209     referrer: "https://test.example/foo?a",
 210     expectedReferrerSpec: "https://test.example/foo",
 211   },
 212   {
 213     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 214     trimmingPolicy: 1,
 215     url: "https://test.example/foo?a",
 216     referrer: "https://foo.example/foo?a",
 217     expectedReferrerSpec: "https://foo.example/",
 218   },
 219   {
 220     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 221     trimmingPolicy: 1,
 222     url: "http://test.example/foo?a",
 223     referrer: "https://foo.example/foo?a",
 224     expectedReferrerSpec: undefined,
 225   },
 226   {
 227     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 228     trimmingPolicy: 2,
 229     url: "https://test.example/foo?a",
 230     referrer: "https://test.example/foo?a",
 231     expectedReferrerSpec: "https://test.example/",
 232   },
 233   {
 234     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 235     trimmingPolicy: 2,
 236     url: "https://test.example/foo?a",
 237     referrer: "https://foo.example/foo?a",
 238     expectedReferrerSpec: "https://foo.example/",
 239   },
 240   {
 241     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 242     trimmingPolicy: 2,
 243     url: "http://test.example/foo?a",
 244     referrer: "https://foo.example/foo?a",
 245     expectedReferrerSpec: undefined,
 246   },
 247   {
 248     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 249     XOriginTrimmingPolicy: 1,
 250     url: "https://test.example/foo?a",
 251     referrer: "https://test.example/foo?a",
 252     expectedReferrerSpec: "https://test.example/foo?a",
 253   },
 254   {
 255     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 256     XOriginTrimmingPolicy: 1,
 257     url: "https://test.example/foo?a",
 258     referrer: "https://foo.example/foo?a",
 259     expectedReferrerSpec: "https://foo.example/",
 260   },
 261   {
 262     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 263     XOriginTrimmingPolicy: 1,
 264     url: "http://test.example/foo?a",
 265     referrer: "https://foo.example/foo?a",
 266     expectedReferrerSpec: undefined,
 267   },
 268   {
 269     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 270     XOriginTrimmingPolicy: 2,
 271     url: "https://test.example/foo?a",
 272     referrer: "https://test.example/foo?a",
 273     expectedReferrerSpec: "https://test.example/foo?a",
 274   },
 275   {
 276     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 277     XOriginTrimmingPolicy: 2,
 278     url: "https://test.example/foo?a",
 279     referrer: "https://foo.example/foo?a",
 280     expectedReferrerSpec: "https://foo.example/",
 281   },
 282   {
 283     policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
 284     XOriginTrimmingPolicy: 2,
 285     url: "http://test.example/foo?a",
 286     referrer: "https://foo.example/foo?a",
 287     expectedReferrerSpec: undefined,
 288   },
 289
 290   // Test mix and choose max of XOriginTrimmingPolicy and trimmingPolicy
 291   {
 292     policy: nsIReferrerInfo.UNSAFE_URL,
 293     XOriginTrimmingPolicy: 2,
 294     trimmingPolicy: 1,
 295     url: "https://test.example/foo?a",
 296     referrer: "https://test1.example/foo?a",
 297     expectedReferrerSpec: "https://test1.example/",
 298   },
 299   {
 300     policy: nsIReferrerInfo.UNSAFE_URL,
 301     XOriginTrimmingPolicy: 2,
 302     trimmingPolicy: 1,
 303     url: "https://test.example/foo?a",
 304     referrer: "https://test.example/foo?a",
 305     expectedReferrerSpec: "https://test.example/foo",
 306   },
 307   {
 308     policy: nsIReferrerInfo.UNSAFE_URL,
 309     XOriginTrimmingPolicy: 1,
 310     trimmingPolicy: 2,
 311     url: "https://test.example/foo?a",
 312     referrer: "https://test.example/foo?a",
 313     expectedReferrerSpec: "https://test.example/",
 314   },
 315   {
 316     policy: nsIReferrerInfo.UNSAFE_URL,
 317     XOriginTrimmingPolicy: 1,
 318     trimmingPolicy: 0,
 319     url: "https://test.example/foo?a",
 320     referrer: "https://test1.example/foo?a",
 321     expectedReferrerSpec: "https://test1.example/foo",
 322   },
 323 ];
 324
 325 function run_test() {
 326   gTests.forEach(test => test_policy(test));
 327   Services.prefs.clearUserPref("network.http.referer.trimmingPolicy");
 328   Services.prefs.clearUserPref("network.http.referer.XOriginTrimmingPolicy");
 329   Services.prefs.clearUserPref(
 330     "network.http.referer.disallowCrossSiteRelaxingDefault"
 331   );
 332 }