img_referrer_testserver.sjs (10031B)
1 var BASE_URL = 2 "example.com/tests/dom/security/test/referrer-policy/img_referrer_testserver.sjs"; 3 const IMG_BYTES = atob( 4 "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + 5 "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==" 6 ); 7 8 function createTestUrl(aPolicy, aAction, aName, aContent) { 9 var content = aContent || "text"; 10 return ( 11 "http://" + 12 BASE_URL + 13 "?" + 14 "action=" + 15 aAction + 16 "&" + 17 "policy=" + 18 aPolicy + 19 "&" + 20 "name=" + 21 aName + 22 "&" + 23 "content=" + 24 content 25 ); 26 } 27 28 function createTestPage(aHead, aImgPolicy, aName) { 29 var _createTestUrl = createTestUrl.bind(null, aImgPolicy, "test", aName); 30 31 return ( 32 "<!DOCTYPE HTML>\n\ 33 <html>" + 34 aHead + 35 '<body>\n\ 36 <img src="' + 37 _createTestUrl("img") + 38 '" referrerpolicy="' + 39 aImgPolicy + 40 '" id="image"></img>\n\ 41 <script>' + 42 // LOAD EVENT (of the test) 43 // fires when the img resource for the page is loaded 44 'window.addEventListener("load", function() {\n\ 45 parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\ 46 }.bind(window), false);' + 47 "</script>\n\ 48 </body>\n\ 49 </html>" 50 ); 51 } 52 53 // Creates the following test cases for the specified referrer 54 // policy combination: 55 // <img> with referrer 56 function createTest(aPolicy, aImgPolicy, aName) { 57 var headString = "<head>"; 58 if (aPolicy) { 59 headString += '<meta name="referrer" content="' + aPolicy + '">'; 60 } 61 62 headString += "<script></script>"; 63 64 return createTestPage(headString, aImgPolicy, aName); 65 } 66 67 // testing regular load img with referrer policy 68 // speculative parser should not kick in here 69 function createTest2(aImgPolicy, name) { 70 return createTestPage("", aImgPolicy, name); 71 } 72 73 function createTest3(aImgPolicy1, aImgPolicy2, aImgPolicy3, aName) { 74 return ( 75 '<!DOCTYPE HTML>\n\ 76 <html>\n\ 77 <body>\n\ 78 <img src="' + 79 createTestUrl(aImgPolicy1, "test", aName + aImgPolicy1) + 80 '" referrerpolicy="' + 81 aImgPolicy1 + 82 '" id="image"></img>\n\ 83 <img src="' + 84 createTestUrl(aImgPolicy2, "test", aName + aImgPolicy2) + 85 '" referrerpolicy="' + 86 aImgPolicy2 + 87 '" id="image"></img>\n\ 88 <img src="' + 89 createTestUrl(aImgPolicy3, "test", aName + aImgPolicy3) + 90 '" referrerpolicy="' + 91 aImgPolicy3 + 92 '" id="image"></img>\n\ 93 <script>\n\ 94 var _numLoads = 0;' + 95 // LOAD EVENT (of the test) 96 // fires when the img resource for the page is loaded 97 'window.addEventListener("load", function() {\n\ 98 parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\ 99 }.bind(window), false);' + 100 "</script>\n\ 101 </body>\n\ 102 </html>" 103 ); 104 } 105 106 function createTestPage2(aHead, aPolicy, aName) { 107 return ( 108 "<!DOCTYPE HTML>\n\ 109 <html>" + 110 aHead + 111 '<body>\n\ 112 <img src="' + 113 createTestUrl(aPolicy, "test", aName) + 114 '" id="image"></img>\n\ 115 <script>' + 116 // LOAD EVENT (of the test) 117 // fires when the img resource for the page is loaded 118 'window.addEventListener("load", function() {\n\ 119 parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\ 120 }.bind(window), false);' + 121 "</script>\n\ 122 </body>\n\ 123 </html>" 124 ); 125 } 126 127 function createTestPage3(aHead, aPolicy, aName) { 128 return ( 129 "<!DOCTYPE HTML>\n\ 130 <html>" + 131 aHead + 132 "<body>\n\ 133 <script>" + 134 'var image = new Image();\n\ 135 image.src = "' + 136 createTestUrl(aPolicy, "test", aName, "image") + 137 '";\n\ 138 image.referrerPolicy = "' + 139 aPolicy + 140 '";\n\ 141 image.onload = function() {\n\ 142 window.parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\ 143 }\n\ 144 document.body.appendChild(image);' + 145 "</script>\n\ 146 </body>\n\ 147 </html>" 148 ); 149 } 150 151 function createTestPage4(aHead, aPolicy, aName) { 152 return ( 153 "<!DOCTYPE HTML>\n\ 154 <html>" + 155 aHead + 156 "<body>\n\ 157 <script>" + 158 'var image = new Image();\n\ 159 image.referrerPolicy = "' + 160 aPolicy + 161 '";\n\ 162 image.src = "' + 163 createTestUrl(aPolicy, "test", aName, "image") + 164 '";\n\ 165 image.onload = function() {\n\ 166 window.parent.postMessage("childLoadComplete", "http://mochi.test:8888");\n\ 167 }\n\ 168 document.body.appendChild(image);' + 169 "</script>\n\ 170 </body>\n\ 171 </html>" 172 ); 173 } 174 175 function createSetAttributeTest1(aPolicy, aImgPolicy, aName) { 176 var headString = "<head>"; 177 headString += '<meta name="referrer" content="' + aPolicy + '">'; 178 headString += "<script></script>"; 179 180 return createTestPage3(headString, aImgPolicy, aName); 181 } 182 183 function createSetAttributeTest2(aPolicy, aImgPolicy, aName) { 184 var headString = "<head>"; 185 headString += '<meta name="referrer" content="' + aPolicy + '">'; 186 headString += "<script></script>"; 187 188 return createTestPage4(headString, aImgPolicy, aName); 189 } 190 191 function createTest4(aPolicy, aName) { 192 var headString = "<head>"; 193 headString += '<meta name="referrer" content="' + aPolicy + '">'; 194 headString += "<script></script>"; 195 196 return createTestPage2(headString, aPolicy, aName); 197 } 198 199 function createTest5(aPolicy, aName) { 200 var headString = "<head>"; 201 headString += '<meta name="referrer" content="' + aPolicy + '">'; 202 203 return createTestPage2(headString, aPolicy, aName); 204 } 205 206 function handleRequest(request, response) { 207 var sharedKey = "img_referrer_testserver.sjs"; 208 var params = request.queryString.split("&"); 209 var action = params[0].split("=")[1]; 210 211 response.setHeader("Cache-Control", "no-cache", false); 212 response.setHeader("Content-Type", "text/html; charset=utf-8", false); 213 214 if (action === "resetState") { 215 let state = getSharedState(sharedKey); 216 state = {}; 217 setSharedState(sharedKey, JSON.stringify(state)); 218 response.write(""); 219 return; 220 } 221 if (action === "test") { 222 // ?action=test&policy=origin&name=name&content=content 223 let policy = params[1].split("=")[1]; 224 let name = params[2].split("=")[1]; 225 let content = params[3].split("=")[1]; 226 let result = getSharedState(sharedKey); 227 228 if (result === "") { 229 result = {}; 230 } else { 231 result = JSON.parse(result); 232 } 233 234 if (!result.tests) { 235 result.tests = {}; 236 } 237 238 var referrerLevel = "none"; 239 var test = {}; 240 if (request.hasHeader("Referer")) { 241 let referrer = request.getHeader("Referer"); 242 if (referrer.indexOf("img_referrer_testserver") > 0) { 243 referrerLevel = "full"; 244 } else if (referrer == "http://mochi.test:8888/") { 245 referrerLevel = "origin"; 246 } 247 test.referrer = request.getHeader("Referer"); 248 } else { 249 test.referrer = ""; 250 } 251 test.policy = referrerLevel; 252 test.expected = policy; 253 254 result.tests[name] = test; 255 256 setSharedState(sharedKey, JSON.stringify(result)); 257 258 if (content === "image") { 259 response.setHeader("Content-Type", "image/png"); 260 response.write(IMG_BYTES); 261 } 262 return; 263 } 264 if (action === "get-test-results") { 265 // ?action=get-result 266 response.write(getSharedState(sharedKey)); 267 return; 268 } 269 if (action === "generate-img-policy-test") { 270 // ?action=generate-img-policy-test&imgPolicy=b64-encoded-string&name=name&policy=b64-encoded-string 271 let imgPolicy = unescape(params[1].split("=")[1]); 272 let name = unescape(params[2].split("=")[1]); 273 let metaPolicy = ""; 274 if (params[3]) { 275 metaPolicy = params[3].split("=")[1]; 276 } 277 278 response.write(createTest(metaPolicy, imgPolicy, name)); 279 return; 280 } 281 if (action === "generate-img-policy-test2") { 282 // ?action=generate-img-policy-test2&imgPolicy=b64-encoded-string&name=name 283 let imgPolicy = unescape(params[1].split("=")[1]); 284 let name = unescape(params[2].split("=")[1]); 285 286 response.write(createTest2(imgPolicy, name)); 287 return; 288 } 289 if (action === "generate-img-policy-test3") { 290 // ?action=generate-img-policy-test3&imgPolicy1=b64-encoded-string&imgPolicy2=b64-encoded-string&imgPolicy3=b64-encoded-string&name=name 291 let imgPolicy1 = unescape(params[1].split("=")[1]); 292 let imgPolicy2 = unescape(params[2].split("=")[1]); 293 let imgPolicy3 = unescape(params[3].split("=")[1]); 294 let name = unescape(params[4].split("=")[1]); 295 296 response.write(createTest3(imgPolicy1, imgPolicy2, imgPolicy3, name)); 297 return; 298 } 299 if (action === "generate-img-policy-test4") { 300 // ?action=generate-img-policy-test4&imgPolicy=b64-encoded-string&name=name 301 let policy = unescape(params[1].split("=")[1]); 302 let name = unescape(params[2].split("=")[1]); 303 304 response.write(createTest4(policy, name)); 305 return; 306 } 307 if (action === "generate-img-policy-test5") { 308 // ?action=generate-img-policy-test5&policy=b64-encoded-string&name=name 309 let policy = unescape(params[1].split("=")[1]); 310 let name = unescape(params[2].split("=")[1]); 311 312 response.write(createTest5(policy, name)); 313 return; 314 } 315 316 if (action === "generate-setAttribute-test1") { 317 // ?action=generate-setAttribute-test1&policy=b64-encoded-string&name=name 318 let imgPolicy = unescape(params[1].split("=")[1]); 319 let policy = unescape(params[2].split("=")[1]); 320 let name = unescape(params[3].split("=")[1]); 321 322 response.write(createSetAttributeTest1(policy, imgPolicy, name)); 323 return; 324 } 325 326 if (action === "generate-setAttribute-test2") { 327 // ?action=generate-setAttribute-test2&policy=b64-encoded-string&name=name 328 let imgPolicy = unescape(params[1].split("=")[1]); 329 let policy = unescape(params[2].split("=")[1]); 330 let name = unescape(params[3].split("=")[1]); 331 332 response.write(createSetAttributeTest2(policy, imgPolicy, name)); 333 return; 334 } 335 336 response.write("I don't know action " + action); 337 }