tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit 7d063ed674180c9878c83fbe866d15d0aaac3c12
parent f8f007a94eb7b4c6f7168cefeb2555a3bdba04c1
Author: Simon Friedberger <simon@mozilla.com>
Date:   Tue, 18 Nov 2025 08:54:20 +0000

Bug 1984940: Add test case r=ckerschb,frontend-codestyle-reviewers,mossop

Differential Revision: https://phabricator.services.mozilla.com/D265743

Diffstat:

Mdom/security/test/sec-fetch/mochitest.toml | 2++


Adom/security/test/sec-fetch/test_noreferrer_popup.html | 43+++++++++++++++++++++++++++++++++++++++++++


Meslint-file-globals.config.mjs | 1+


3 files changed, 46 insertions(+), 0 deletions(-)

diff --git a/dom/security/test/sec-fetch/mochitest.toml b/dom/security/test/sec-fetch/mochitest.toml
@@ -12,6 +12,8 @@ support-files = [
 
 ["test_iframe_window_open_metaRedirect.html"]
 
+["test_noreferrer_popup.html"]
+
 ["test_trustworthy_loopback.html"]
 skip-if = [
   "os == 'linux' && os_version == '24.04' && processor == 'x86_64' && display == 'x11' && !fission", # Bug 1805760
diff --git a/dom/security/test/sec-fetch/test_noreferrer_popup.html b/dom/security/test/sec-fetch/test_noreferrer_popup.html
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1984940 - window.open() with noreferrer has invalid Sec-Fetch-Site=none</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+
+<body>
+
+<script class="testbody" type="text/javascript">
+
+add_task(async function() {
+  var script = SpecialPowers.loadChromeScript(() => {
+    /* eslint-env mozilla/chrome-script */
+    Services.obs.addObserver(function onExamResp(subject) {
+    let channel = subject.QueryInterface(Ci.nsIHttpChannel);
+      info("request observed: " + channel.URI.spec);
+      if (!channel.URI.spec.startsWith("https://example.org")) {
+        return;
+      }
+
+      try {
+        is(channel.getRequestHeader("Sec-Fetch-Site"), "cross-site", "testing sec-fetch-site");
+      } catch (e) {
+        ok(false, "sec-fetch-site should be 'cross-site'");
+      }
+
+      sendAsyncMessage("test-pass");
+    }, "http-on-stop-request");
+  });
+
+  let promise = new Promise(resolve => script.addMessageListener("test-pass", resolve));
+
+  SpecialPowers.wrap(document).notifyUserGestureActivation();
+  window.open("https://example.org", '', 'noreferrer');
+
+  await promise;
+});
+
+</script>
+</body>
+</html>
diff --git a/eslint-file-globals.config.mjs b/eslint-file-globals.config.mjs
@@ -209,6 +209,7 @@ export default [
       "dom/security/test/sec-fetch/test_iframe_src_metaRedirect.html",
       "dom/security/test/sec-fetch/test_iframe_srcdoc_metaRedirect.html",
       "dom/security/test/sec-fetch/test_iframe_window_open_metaRedirect.html",
+      "dom/security/test/sec-fetch/test_noreferrer_popup.html",
       "dom/security/test/sec-fetch/test_trustworthy_loopback.html",
       "dom/security/test/sec-fetch/test_websocket.html",
       "dom/security/test/sec-fetch/test_window_open_popupBlockerEnabled.html",