test_iframe_referrer.html (4002B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <meta charset="utf-8"> 5 <title>Test iframe referrer policy attribute for Bug 1175736</title> 6 <script src="/tests/SimpleTest/SimpleTest.js"></script> 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> 8 9 <!-- 10 Testing that iframe referrer attribute is honoured correctly 11 * regular loads 12 * regression tests that meta referrer is still working even if attribute referrers are enabled 13 https://bugzilla.mozilla.org/show_bug.cgi?id=1175736 14 --> 15 16 <script type="application/javascript"> 17 18 const SJS = "://example.com/tests/dom/base/test/referrer_testserver.sjs?"; 19 const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY", "SCHEME_FROM", "SCHEME_TO"]; 20 21 const testCases = [ 22 {ACTION: ["generate-iframe-policy-test"], 23 TESTS: [ 24 {ATTRIBUTE_POLICY: 'unsafe-url', 25 NAME: 'unsafe-url-with-origin-in-meta', 26 META_POLICY: 'origin', 27 DESC: "unsafe-url (iframe) with origin in meta", 28 RESULT: 'full'}, 29 {ATTRIBUTE_POLICY: 'origin', 30 NAME: 'origin-with-unsafe-url-in-meta', 31 META_POLICY: 'unsafe-url', 32 DESC: "origin (iframe) with unsafe-url in meta", 33 RESULT: 'origin'}, 34 {ATTRIBUTE_POLICY: 'no-referrer', 35 NAME: 'no-referrer-with-origin-in-meta', 36 META_POLICY: 'origin', 37 DESC: "no-referrer (iframe) with origin in meta", 38 RESULT: 'none'}, 39 {NAME: 'no-referrer-in-meta', 40 META_POLICY: 'no-referrer', 41 DESC: "no-referrer in meta", 42 RESULT: 'none'}, 43 {ATTRIBUTE_POLICY: 'origin', 44 NAME: 'origin-with-no-meta', 45 META_POLICY: '', 46 DESC: "origin (iframe) with no meta", 47 RESULT: 'origin'}, 48 {ATTRIBUTE_POLICY: 'same-origin', 49 NAME: 'same-origin-with-origin-in-meta', 50 META_POLICY: 'origin', 51 DESC: "same-origin with origin in meta", 52 RESULT: 'full'}, 53 54 // 1. Downgrade. 55 {ATTRIBUTE_POLICY: 'strict-origin', 56 NAME: 'origin-in-meta-strict-origin-in-attr', 57 META_POLICY: 'origin', 58 DESC: 'origin in meta strict-origin in attr', 59 SCHEME_FROM: 'https', 60 SCHEME_TO: 'http', 61 RESULT: 'none'}, 62 {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', 63 NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr', 64 META_POLICY: 'origin', 65 DESC: 'origin in meta strict-origin-when-cross-origin in attr', 66 SCHEME_FROM: 'https', 67 SCHEME_TO: 'http', 68 RESULT: 'none'}, 69 70 // 2. No downgrade. 71 {ATTRIBUTE_POLICY: 'strict-origin', 72 NAME: 'origin-in-meta-strict-origin-in-attr', 73 META_POLICY: 'origin', 74 DESC: 'origin in meta strict-origin in attr', 75 SCHEME_FROM: 'https', 76 SCHEME_TO: 'https', 77 RESULT: 'origin'}, 78 {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', 79 NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr', 80 META_POLICY: 'origin', 81 DESC: 'origin in meta strict-origin-when-cross-origin in attr', 82 SCHEME_FROM: 'https', 83 SCHEME_TO: 'https', 84 RESULT: 'full'}, 85 {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', 86 NAME: 'strict-origin-when-cross-origin-with-origin-in-meta', 87 META_POLICY: 'origin', 88 SCHEME_FROM: 'http', 89 SCHEME_TO: 'https', 90 DESC: "strict-origin-when-cross-origin with origin in meta", 91 RESULT: 'origin'}, 92 {ATTRIBUTE_POLICY: 'same-origin', 93 NAME: 'same-origin-with-origin-in-meta', 94 META_POLICY: 'origin', 95 SCHEME_FROM: 'http', 96 SCHEME_TO: 'https', 97 DESC: "same-origin with origin in meta", 98 RESULT: 'none'}, 99 ]} 100 ]; 101 </script> 102 <script type="application/javascript" src="/tests/dom/base/test/referrer_helper.js"></script> 103 </head> 104 <body onload="tests.next();"> 105 <iframe id="testframe"></iframe> 106 </body> 107 </html>