test_link_preload.html (11414B)
1 <!DOCTYPE HTML> 2 <html> 3 <head> 4 <meta charset="utf-8"> 5 <title>Test preload referrer policy for Bug 1399780</title> 6 <script src="/tests/SimpleTest/SimpleTest.js"></script> 7 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> 8 9 <!-- 10 Testing that link referrer attributes are honoured correctly for rel=preload 11 https://bugzilla.mozilla.org/show_bug.cgi?id=1399780 12 --> 13 14 <script type="application/javascript"> 15 16 const SJS = "://example.com/tests/dom/base/test/referrer_testserver.sjs?"; 17 const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY", "REL", "SCHEME_FROM", "SCHEME_TO"]; 18 19 const testCases = [ 20 {ACTION: ["generate-link-policy-test"], 21 PREFS: [ 22 ["dom.security.https_first", false], 23 ["security.mixed_content.upgrade_display_content", false] 24 ], 25 TESTS: [ 26 {ATTRIBUTE_POLICY: 'unsafe-url', 27 NAME: 'preload-unsafe-url-with-origin-in-meta', 28 META_POLICY: 'origin', 29 REL: 'preload', 30 DESC: "preload-unsafe-url with origin in meta", 31 RESULT: 'full'}, 32 {ATTRIBUTE_POLICY: 'origin', 33 NAME: 'preload-origin-with-unsafe-url-in-meta', 34 META_POLICY: 'unsafe-url', 35 REL: 'preload', 36 DESC: "preload-origin with unsafe-url in meta", 37 RESULT: 'origin'}, 38 {ATTRIBUTE_POLICY: 'no-referrer', 39 NAME: 'preload-no-referrer-with-origin-in-meta', 40 META_POLICY: 'origin', 41 REL: 'preload', 42 DESC: "preload-no-referrer with origin in meta", 43 RESULT: 'none'}, 44 {ATTRIBUTE_POLICY: 'same-origin', 45 NAME: 'preload-same-origin-with-origin-in-meta', 46 META_POLICY: 'origin', 47 REL: 'preload', 48 DESC: "preload-same-origin with origin in meta", 49 RESULT: 'full'}, 50 {NAME: 'preload-no-referrer-in-meta', 51 META_POLICY: 'no-referrer', 52 REL: 'preload', 53 DESC: "preload-no-referrer in meta", 54 RESULT: 'none'}, 55 56 // Downgrade. 57 {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade', 58 NAME: 'preload-origin-in-meta-downgrade-in-attr', 59 META_POLICY: 'origin', 60 DESC: 'preload-origin in meta downgrade in attr', 61 REL: 'preload', 62 SCHEME_FROM: 'https', 63 SCHEME_TO: 'http', 64 RESULT: 'none'}, 65 {ATTRIBUTE_POLICY: 'strict-origin', 66 NAME: 'preload-origin-in-meta-strict-origin-in-attr', 67 META_POLICY: 'origin', 68 DESC: 'preload-origin in meta strict-origin in attr', 69 REL: 'preload', 70 SCHEME_FROM: 'https', 71 SCHEME_TO: 'http', 72 RESULT: 'none'}, 73 {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', 74 NAME: 'preload-origin-in-meta-strict-origin-when-cross-origin-in-attr', 75 META_POLICY: 'origin', 76 DESC: 'preload-origin in meta strict-origin-when-cross-origin in attr', 77 REL: 'preload', 78 SCHEME_FROM: 'https', 79 SCHEME_TO: 'http', 80 RESULT: 'none'}, 81 82 // No downgrade. 83 {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade', 84 NAME: 'preload-origin-in-meta-downgrade-in-attr', 85 META_POLICY: 'origin', 86 DESC: 'preload-origin in meta downgrade in attr', 87 REL: 'preload', 88 SCHEME_FROM: 'https', 89 SCHEME_TO: 'https', 90 RESULT: 'full'}, 91 92 {ATTRIBUTE_POLICY: 'origin', 93 NAME: 'preload-origin-with-no-meta', 94 META_POLICY: '', 95 REL: 'preload', 96 DESC: "preload-origin with no meta", 97 RESULT: 'origin'}, 98 99 {ATTRIBUTE_POLICY: 'strict-origin', 100 NAME: 'preload-origin-in-meta-strict-origin-in-attr', 101 META_POLICY: 'origin', 102 DESC: 'preload-origin in meta strict-origin in attr', 103 REL: 'preload', 104 SCHEME_FROM: 'https', 105 SCHEME_TO: 'https', 106 RESULT: 'origin'}, 107 {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', 108 NAME: 'preload-origin-in-meta-strict-origin-when-cross-origin-in-attr', 109 META_POLICY: 'origin', 110 DESC: 'preload-origin in meta strict-origin-when-cross-origin in attr', 111 REL: 'preload', 112 SCHEME_FROM: 'https', 113 SCHEME_TO: 'https', 114 RESULT: 'full'}, 115 116 // Cross origin 117 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 118 NAME: 'preload-origin-when-cross-origin-with-no-meta', 119 META_POLICY: '', 120 SCHEME_FROM: 'https', 121 SCHEME_TO: 'http', 122 REL: 'preload', 123 DESC: "preload-origin-when-cross-origin with no meta", 124 RESULT: 'origin'}, 125 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 126 NAME: 'preload-origin-when-cross-origin-with-no-referrer-in-meta', 127 META_POLICY: 'no-referrer', 128 SCHEME_FROM: 'https', 129 SCHEME_TO: 'http', 130 REL: 'preload', 131 DESC: "preload-origin-when-cross-origin with no-referrer in meta", 132 RESULT: 'origin'}, 133 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 134 NAME: 'preload-origin-when-cross-origin-with-unsafe-url-in-meta', 135 META_POLICY: 'unsafe-url', 136 SCHEME_FROM: 'https', 137 SCHEME_TO: 'http', 138 REL: 'preload', 139 DESC: "preload-origin-when-cross-origin with unsafe-url in meta", 140 RESULT: 'origin'}, 141 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 142 NAME: 'preload-origin-when-cross-origin-with-origin-in-meta', 143 META_POLICY: 'origin', 144 SCHEME_FROM: 'https', 145 SCHEME_TO: 'http', 146 REL: 'preload', 147 DESC: "preload-origin-when-cross-origin with origin in meta", 148 RESULT: 'origin'}, 149 {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', 150 NAME: 'preload-strict-origin-when-cross-origin-with-origin-in-meta', 151 META_POLICY: 'origin', 152 SCHEME_FROM: 'http', 153 SCHEME_TO: 'https', 154 REL: 'preload', 155 DESC: "preload-strict-origin-when-cross-origin with origin in meta", 156 RESULT: 'origin'}, 157 {ATTRIBUTE_POLICY: 'same-origin', 158 NAME: 'preload-same-origin-with-origin-in-meta', 159 META_POLICY: 'origin', 160 SCHEME_FROM: 'http', 161 SCHEME_TO: 'https', 162 REL: 'preload', 163 DESC: "preload-same-origin with origin in meta", 164 RESULT: 'none'}, 165 166 // Invalid 167 {ATTRIBUTE_POLICY: 'default', 168 NAME: 'preload-default-with-no-meta', 169 META_POLICY: '', 170 REL: 'preload', 171 DESC: "preload-default with no meta", 172 RESULT: 'full'}, 173 {ATTRIBUTE_POLICY: 'something', 174 NAME: 'preload-something-with-no-meta', 175 META_POLICY: '', 176 REL: 'preload', 177 DESC: "preload-something with no meta", 178 RESULT: 'full'}, 179 ]}, 180 181 {ACTION: ["generate-link-policy-test-set-attribute"], 182 TESTS: [ 183 {ATTRIBUTE_POLICY: 'unsafe-url', 184 NEW_ATTRIBUTE_POLICY: 'no-referrer', 185 NAME: 'preload-no-referrer-unsafe-url-set-attribute-with-origin-in-meta', 186 META_POLICY: 'origin', 187 REL: 'preload', 188 DESC: "preload-no-referrer-set-attribute (originally unsafe-url) with origin in meta", 189 RESULT: 'none'}, 190 {ATTRIBUTE_POLICY: 'origin', 191 NEW_ATTRIBUTE_POLICY: 'unsafe-url', 192 NAME: 'preload-unsafe-url-origin-set-attribute-with-no-referrer-in-meta', 193 META_POLICY: 'no-referrer', 194 REL: 'preload', 195 DESC: "preload-unsafe-url-set-attribute(originally origin) with no-referrer in meta", 196 RESULT: 'full'}, 197 ]}, 198 199 {ACTION: ["generate-link-policy-test-property"], 200 TESTS: [ 201 {ATTRIBUTE_POLICY: 'no-referrer', 202 NEW_ATTRIBUTE_POLICY: 'unsafe-url', 203 NAME: 'preload-unsafe-url-no-referrer-property-with-origin-in-meta', 204 META_POLICY: 'origin', 205 REL: 'preload', 206 DESC: "preload-unsafe-url-property (originally no-referrer) with origin in meta", 207 RESULT: 'full'}, 208 {ATTRIBUTE_POLICY: 'origin', 209 NEW_ATTRIBUTE_POLICY: 'unsafe-url', 210 NAME: 'preload-unsafe-url-origin-property-with-no-referrer-in-meta', 211 META_POLICY: 'no-referrer', 212 REL: 'preload', 213 DESC: "preload-unsafe-url-property (originally origin) with no-referrer in meta", 214 RESULT: 'full'}, 215 ]}, 216 { 217 // All previos tests with SCHEME_FROM: 'https' and SCHEME_TO: 'http', 218 // this time with mixed content upgrading enabled. 219 ACTION: ["generate-link-policy-test"], 220 PREFS: [ 221 ["dom.security.https_first", false], 222 ["security.mixed_content.upgrade_display_content", true], 223 ], 224 TESTS: [ 225 // Downgrade. 226 {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade', 227 NAME: 'preload-origin-in-meta-downgrade-in-attr-upgraded', 228 META_POLICY: 'origin', 229 DESC: 'preload-origin in meta downgrade in attr (upgraded)', 230 REL: 'preload', 231 SCHEME_FROM: 'https', 232 SCHEME_TO: 'http', 233 RESULT: 'full'}, 234 {ATTRIBUTE_POLICY: 'strict-origin', 235 NAME: 'preload-origin-in-meta-strict-origin-in-attr-upgraded', 236 META_POLICY: 'origin', 237 DESC: 'preload-origin in meta strict-origin in attr (upgraded)', 238 REL: 'preload', 239 SCHEME_FROM: 'https', 240 SCHEME_TO: 'http', 241 RESULT: 'origin'}, 242 {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', 243 NAME: 'preload-origin-in-meta-strict-origin-when-cross-origin-in-attr-upgraded', 244 META_POLICY: 'origin', 245 DESC: 'preload-origin in meta strict-origin-when-cross-origin in attr (upgraded)', 246 REL: 'preload', 247 SCHEME_FROM: 'https', 248 SCHEME_TO: 'http', 249 RESULT: 'full'}, 250 251 // Cross origin 252 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 253 NAME: 'preload-origin-when-cross-origin-with-no-meta-upgraded', 254 META_POLICY: '', 255 SCHEME_FROM: 'https', 256 SCHEME_TO: 'http', 257 REL: 'preload', 258 DESC: "preload-origin-when-cross-origin with no meta (upgraded)", 259 RESULT: 'full'}, 260 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 261 NAME: 'preload-origin-when-cross-origin-with-no-referrer-in-meta-upgraded', 262 META_POLICY: 'no-referrer', 263 SCHEME_FROM: 'https', 264 SCHEME_TO: 'http', 265 REL: 'preload', 266 DESC: "preload-origin-when-cross-origin with no-referrer in meta (upgraded)", 267 RESULT: 'full'}, 268 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 269 NAME: 'preload-origin-when-cross-origin-with-unsafe-url-in-meta-upgraded-upgraded', 270 META_POLICY: 'unsafe-url', 271 SCHEME_FROM: 'https', 272 SCHEME_TO: 'http', 273 REL: 'preload', 274 DESC: "preload-origin-when-cross-origin with unsafe-url in meta (upgraded)", 275 RESULT: 'full'}, 276 {ATTRIBUTE_POLICY: 'origin-when-cross-origin', 277 NAME: 'preload-origin-when-cross-origin-with-origin-in-meta-upgraded-upgraded', 278 META_POLICY: 'origin', 279 SCHEME_FROM: 'https', 280 SCHEME_TO: 'http', 281 REL: 'preload', 282 DESC: "preload-origin-when-cross-origin with origin in meta (upgraded)", 283 RESULT: 'full'}, 284 ] 285 } 286 ]; 287 288 </script> 289 <script type="application/javascript" src="/tests/dom/base/test/referrer_helper.js"></script> 290 </head> 291 <body onload="tests.next();"> 292 <iframe id="testframe"></iframe> 293 </body> 294 </html>