test_iframe_referrer_invalid.html (3098B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <meta charset="utf-8"> 5 <title>Test iframe referrer policy attribute for Bug 1175736</title> 6 <script src="/tests/SimpleTest/SimpleTest.js"></script> 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> 8 9 <!-- 10 Testing that iframe referrer attribute is honoured correctly 11 * invalid referrer policies 12 https://bugzilla.mozilla.org/show_bug.cgi?id=1175736 13 --> 14 15 <script type="application/javascript"> 16 17 const SJS = "://example.com/tests/dom/base/test/referrer_testserver.sjs?"; 18 const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY", "SCHEME_FROM", "SCHEME_TO"]; 19 20 const testCases = [ 21 {ACTION: ["generate-iframe-policy-test"], 22 TESTS: [ 23 // setting invalid refer values -> we expect either full referrer (default) 24 // or whatever is specified in the meta referrer policy 25 26 // Note that for those test cases which require cross-origin test, we use different 27 // scheme to result in cross-origin request. 28 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 29 NAME: 'origin-when-cross-origin-with-no-meta', 30 META_POLICY: '', 31 DESC: "origin-when-cross-origin (iframe) with no meta", 32 SCHEME_FROM: 'https', 33 SCHEME_TO: 'http', 34 RESULT: 'origin'}, 35 {ATTRIBUTE_POLICY: 'default', 36 NAME: 'default-with-no-meta', 37 META_POLICY: '', 38 DESC: "default (iframe) with no meta", 39 RESULT: 'full'}, 40 {ATTRIBUTE_POLICY: 'something', 41 NAME: 'something-with-no-meta', 42 META_POLICY: '', 43 DESC: "something (iframe) with no meta", 44 RESULT: 'full'}, 45 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 46 NAME: 'origin-when-cross-origin-with-no-referrer-in-meta', 47 META_POLICY: 'no-referrer', 48 DESC: "origin-when-cross-origin (iframe) with no-referrer in meta", 49 SCHEME_FROM: 'https', 50 SCHEME_TO: 'http', 51 RESULT: 'origin'}, 52 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 53 NAME: 'origin-when-cross-origin-with-unsafe-url-in-meta', 54 META_POLICY: 'unsafe-url', 55 DESC: "origin-when-cross-origin (iframe) with unsafe-url in meta", 56 SCHEME_FROM: 'https', 57 SCHEME_TO: 'http', 58 RESULT: 'origin'}, 59 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 60 NAME: 'origin-when-cross-origin-with-origin-in-meta', 61 META_POLICY: 'origin', 62 DESC: "origin-when-cross-origin (iframe) with origin in meta", 63 SCHEME_FROM: 'https', 64 SCHEME_TO: 'http', 65 RESULT: 'origin'}, 66 {NAME: 'origin-in-meta', 67 META_POLICY: 'origin', 68 DESC: "origin in meta", 69 RESULT: 'origin'}, 70 {NAME: 'no-referrer-in-meta', 71 META_POLICY: 'no-referrer', 72 DESC: "no-referrer in meta", 73 RESULT: 'none'}]} 74 ]; 75 </script> 76 <script type="application/javascript" src="/tests/dom/base/test/referrer_helper.js"></script> 77 </head> 78 <body onload="tests.next();"> 79 <iframe id="testframe"></iframe> 80 </body> 81 </html>