tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git

test_referrer.js (9215B)


      1 "use strict";
      2 
// Contract ID of the XPCOM component that implements nsIReferrerInfo.
const REFERRER_INFO_CONTRACT_ID = "@mozilla.org/referrer-info;1";

// Constructor wrapper: `new ReferrerInfo(...)` creates the component, exposes
// it as nsIReferrerInfo and forwards the arguments to its init() method.
const ReferrerInfo = Components.Constructor(
  REFERRER_INFO_CONTRACT_ID,
  "nsIReferrerInfo",
  "init"
);
      8 
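/**
 * Build an HTTP channel to `server_uri` whose loading principal and original
 * referrer are both derived from `referer_uri`, and report the Referer request
 * header the channel ends up with. The channel is never opened; only the
 * header value is read back.
 *
 * @param {string} server_uri - Destination URL of the request.
 * @param {string} referer_uri - URL of the referring document.
 * @param {boolean} [isPrivate=false] - When true the principal is created with
 *   privateBrowsingId 1, otherwise 0.
 * @returns {?string} The Referer header value, or null when the channel
 *   carries no Referer header.
 * @throws Any error from getRequestHeader other than NS_ERROR_NOT_AVAILABLE.
 */
function getTestReferrer(server_uri, referer_uri, isPrivate = false) {
  const uri = NetUtil.newURI(server_uri);
  const referrer = NetUtil.newURI(referer_uri);
  const principal = Services.scriptSecurityManager.createContentPrincipal(
    referrer,
    { privateBrowsingId: isPrivate ? 1 : 0 }
  );
  const chan = NetUtil.newChannel({
    uri,
    loadingPrincipal: principal,
    contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
  });

  chan.QueryInterface(Ci.nsIHttpChannel);
  // EMPTY policy: no explicit referrer policy is requested, so the
  // pref-driven defaults under test decide what is sent.
  chan.referrerInfo = new ReferrerInfo(
    Ci.nsIReferrerInfo.EMPTY,
    true,
    referrer
  );

  try {
    return chan.getRequestHeader("Referer");
  } catch (e) {
    // Only "header not set" means "no referrer was sent". Any other failure
    // must surface: callers assert on null to prove the header is withheld,
    // and swallowing every exception would let those privacy checks pass
    // for the wrong reason.
    if (e?.result !== Components.results.NS_ERROR_NOT_AVAILABLE) {
      throw e;
    }
    return null;
  }
}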
     35 
/**
 * xpcshell entry point. Walks through the network.http.referer.* prefs one
 * group at a time and checks which Referer header getTestReferrer() reports
 * for a fixed set of source/destination URL pairs.
 *
 * The statement order is significant: every group relies on the pref values
 * left behind by the groups before it.
 *
 * NOTE(review): the prefs are not restored at the end of the function; this
 * presumably relies on the harness isolating the test file. Confirm.
 */
function run_test() {
  const { prefs } = Services;

  const PREF_SEND_HEADER = "network.http.sendRefererHeader";
  const PREF_DEFAULT_POLICY = "network.http.referer.defaultPolicy";
  const PREF_DEFAULT_POLICY_PB = "network.http.referer.defaultPolicy.pbmode";
  const PREF_SPOOF_SOURCE = "network.http.referer.spoofSource";
  const PREF_XORIGIN_POLICY = "network.http.referer.XOriginPolicy";
  const PREF_TRIMMING = "network.http.referer.trimmingPolicy";
  const PREF_XORIGIN_TRIMMING = "network.http.referer.XOriginTrimmingPolicy";
  const PREF_LENGTH_LIMIT = "network.http.referer.referrerLengthLimit";

  const setInt = (name, value) => prefs.setIntPref(name, value);
  const setBool = (name, value) => prefs.setBoolPref(name, value);

  // Expect that no Referer header is produced for this request.
  const expectAbsent = (server, source, isPrivate) =>
    Assert.equal(null, getTestReferrer(server, source, isPrivate));
  // Expect the Referer header to equal `expected`.
  const expectSent = (server, source, expected, isPrivate) =>
    Assert.equal(getTestReferrer(server, source, isPrivate), expected);

  // Destinations.
  const httpServer = "http://bar.examplesite.com/path2";
  const httpServerOther = "http://bar.example.com/anotherpath";
  const httpsServer = "https://bar.example.com/anotherpath";

  // Referring documents. sameSiteSource shares scheme and host with
  // httpServer; httpSource is on a different host.
  const httpSource = "http://foo.example.com/path";
  const sameSiteSource = "http://bar.examplesite.com/path3?q=blah";
  const sameSiteSourceWithAnchor =
    "http://bar.examplesite.com/path3?q=blah#anchor";
  const idnSource = "http://sub1.\xe4lt.example/path";
  const httpsSource = "https://bar.example.com/path3?q=blah";
  const httpsSourceOtherSite = "https://bar.examplesite.com/path3?q=blah";

  // --- sendRefererHeader ---
  setInt(PREF_SEND_HEADER, 0);
  expectAbsent(httpServer, httpSource);
  setInt(PREF_SEND_HEADER, 2);
  expectSent(httpServer, httpSource, "http://foo.example.com/");

  // An https referrer must not leak to an http destination.
  expectAbsent(httpServerOther, httpsSource);

  // --- referer.defaultPolicy ---
  setInt(PREF_DEFAULT_POLICY, 0);
  expectAbsent(httpServer, httpSource);
  setInt(PREF_DEFAULT_POLICY, 1);
  expectAbsent(httpServer, httpSource);
  expectSent(httpServer, sameSiteSource, sameSiteSource);
  setInt(PREF_DEFAULT_POLICY, 2);
  expectAbsent(httpServer, httpsSource);
  expectSent(httpsServer, httpsSource, httpsSource);
  expectSent(httpsServer, httpsSourceOtherSite, "https://bar.examplesite.com/");
  expectSent(httpServer, sameSiteSource, sameSiteSource);
  expectSent(httpServer, httpSource, "http://foo.example.com/");
  setInt(PREF_DEFAULT_POLICY, 3);
  expectSent(httpServer, httpSource, httpSource);
  expectAbsent(httpServerOther, httpsSource);

  // --- referer.defaultPolicy.pbmode (same matrix, private principal) ---
  setInt(PREF_DEFAULT_POLICY_PB, 0);
  expectAbsent(httpServer, httpSource, true);
  setInt(PREF_DEFAULT_POLICY_PB, 1);
  expectAbsent(httpServer, httpSource, true);
  expectSent(httpServer, sameSiteSource, sameSiteSource, true);
  setInt(PREF_DEFAULT_POLICY_PB, 2);
  expectAbsent(httpServer, httpsSource, true);
  expectSent(httpsServer, httpsSource, httpsSource, true);
  expectSent(
    httpsServer,
    httpsSourceOtherSite,
    "https://bar.examplesite.com/",
    true
  );
  expectSent(httpServer, sameSiteSource, sameSiteSource, true);
  expectSent(httpServer, httpSource, "http://foo.example.com/", true);
  setInt(PREF_DEFAULT_POLICY_PB, 3);
  expectSent(httpServer, httpSource, httpSource, true);
  expectAbsent(httpServerOther, httpsSource, true);

  // --- referer.spoofSource: the destination URL is reported instead ---
  setBool(PREF_SPOOF_SOURCE, true);
  expectSent(httpServer, httpSource, httpServer);
  setBool(PREF_SPOOF_SOURCE, false);
  expectSent(httpServer, httpSource, httpSource);

  // --- referer.XOriginPolicy ---
  setInt(PREF_XORIGIN_POLICY, 2);
  expectAbsent(httpServerOther, httpSource);
  expectSent(httpServer, sameSiteSource, sameSiteSource);
  setInt(PREF_XORIGIN_POLICY, 1);
  expectSent(httpServerOther, httpSource, httpSource);
  expectAbsent(httpServer, httpSource);
  // https variant
  expectSent(httpsServer, httpsSource, httpsSource);
  setInt(PREF_XORIGIN_POLICY, 0);
  expectSent(httpServer, httpSource, httpSource);

  // --- referer.trimmingPolicy ---
  setInt(PREF_TRIMMING, 1);
  expectSent(httpServer, sameSiteSource, "http://bar.examplesite.com/path3");
  expectSent(httpServer, idnSource, "http://sub1.xn--lt-uia.example/path");
  setInt(PREF_TRIMMING, 2);
  expectSent(httpServer, sameSiteSource, "http://bar.examplesite.com/");
  expectSent(httpServer, idnSource, "http://sub1.xn--lt-uia.example/");
  // https variant
  expectSent(httpsServer, httpsSource, "https://bar.example.com/");
  setInt(PREF_TRIMMING, 0);
  // With no trimming configured the fragment is still dropped.
  expectSent(httpServer, sameSiteSourceWithAnchor, sameSiteSource);

  // --- referer.XOriginTrimmingPolicy ---
  setInt(PREF_XORIGIN_TRIMMING, 1);
  expectSent(httpServer, httpSource, "http://foo.example.com/path");
  expectSent(httpServer, idnSource, "http://sub1.xn--lt-uia.example/path");
  expectSent(
    httpServer,
    sameSiteSource,
    "http://bar.examplesite.com/path3?q=blah"
  );
  setInt(PREF_TRIMMING, 1);
  expectSent(httpServer, sameSiteSource, "http://bar.examplesite.com/path3");
  setInt(PREF_XORIGIN_TRIMMING, 2);
  expectSent(httpServer, httpSource, "http://foo.example.com/");
  expectSent(httpServer, idnSource, "http://sub1.xn--lt-uia.example/");
  expectSent(httpServer, sameSiteSource, "http://bar.examplesite.com/path3");
  setInt(PREF_TRIMMING, 0);
  expectSent(
    httpServer,
    sameSiteSource,
    "http://bar.examplesite.com/path3?q=blah"
  );
  // https variants
  expectSent(httpsServer, httpsSource, "https://bar.example.com/path3?q=blah");
  expectSent(httpsServer, httpsSourceOtherSite, "https://bar.examplesite.com/");
  setInt(PREF_XORIGIN_TRIMMING, 0);
  // With no trimming configured the fragment is still dropped.
  expectSent(httpServer, sameSiteSourceWithAnchor, sameSiteSource);

  // --- referrerLengthLimit ---
  // httpSource is 27 characters long; its origin form is 23 characters long.
  setInt(PREF_LENGTH_LIMIT, 27);
  expectSent(httpServer, httpSource, httpSource);
  setInt(PREF_LENGTH_LIMIT, 26);
  expectSent(httpServer, httpSource, "http://foo.example.com/");
  setInt(PREF_LENGTH_LIMIT, 22);
  expectSent(httpServer, httpSource, null);
  setInt(PREF_LENGTH_LIMIT, 0);
  expectSent(httpServer, httpSource, httpSource);
  setInt(PREF_LENGTH_LIMIT, 4096);
  expectSent(httpServer, httpSource, httpSource);

  // --- combination: spoofed, path-only referrer when the hosts match ---
  const comboSource = "http://blah.foo.com/path?q=hot";
  const comboDest = "http://blah.foo.com:9999/spoofedpath?q=bad";
  setInt(PREF_TRIMMING, 1);
  setBool(PREF_SPOOF_SOURCE, true);
  setInt(PREF_XORIGIN_POLICY, 2);
  expectSent(comboDest, comboSource, "http://blah.foo.com:9999/spoofedpath");
  expectAbsent(comboDest, "http://gah.foo.com/anotherpath");
}