
test_referrer_cross_origin.js (10174B)


      1 /* Any copyright is dedicated to the Public Domain.
      2 * http://creativecommons.org/publicdomain/zero/1.0/
      3 */
      4 "use strict";
      5 
// Constructor for "@mozilla.org/referrer-info;1" instances exposing
// nsIReferrerInfo; `new ReferrerInfo(...)` forwards its arguments to init().
// prettier-ignore
const ReferrerInfo = Components.Constructor("@mozilla.org/referrer-info;1", "nsIReferrerInfo", "init");
     11 
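/**
 * Run one referrer scenario: set the three referrer prefs, build a channel
 * for `test.url` triggered by a content principal for `test.referrer`, attach
 * a ReferrerInfo carrying `test.policy`, and check the resulting Referer
 * request header.
 *
 * @param {object} test - One entry of gTests.
 * @param {number} test.policy - nsIReferrerInfo policy constant.
 * @param {number} [test.trimmingPolicy] - Value for
 *   network.http.referer.trimmingPolicy (0 when omitted).
 * @param {number} [test.XOriginTrimmingPolicy] - Value for
 *   network.http.referer.XOriginTrimmingPolicy (0 when omitted).
 * @param {boolean} [test.disallowRelaxingDefault] - Value for
 *   network.http.referer.disallowCrossSiteRelaxingDefault (false when falsy).
 * @param {string} test.url - URL the channel is opened for.
 * @param {string} test.referrer - URL of the referring document.
 * @param {string|undefined} test.expectedReferrerSpec - Expected Referer
 *   header value, or undefined when no Referer header may be present.
 */
function test_policy(test) {
  info("Running test: " + test.toSource());

  const { prefs } = Services;

  // All three prefs are written for every scenario, so a value set by an
  // earlier scenario can never carry over into this one.
  prefs.setIntPref(
    "network.http.referer.trimmingPolicy",
    test.trimmingPolicy !== undefined ? test.trimmingPolicy : 0
  );
  prefs.setIntPref(
    "network.http.referer.XOriginTrimmingPolicy",
    test.XOriginTrimmingPolicy !== undefined ? test.XOriginTrimmingPolicy : 0
  );
  // `||` is intentional: any falsy value means "pref off".
  prefs.setBoolPref(
    "network.http.referer.disallowCrossSiteRelaxingDefault",
    test.disallowRelaxingDefault || false
  );

  const referrer = NetUtil.newURI(test.referrer);
  const triggeringPrincipal =
    Services.scriptSecurityManager.createContentPrincipal(referrer, {});
  const chan = NetUtil.newChannel({
    uri: test.url,
    loadingPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
    triggeringPrincipal,
    contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
  });

  chan.QueryInterface(Ci.nsIHttpChannel);
  chan.referrerInfo = new ReferrerInfo(test.policy, true, referrer);

  if (test.expectedReferrerSpec === undefined) {
    // The "no Referer may be sent" cases are the privacy-critical ones. The
    // previous `try { ...; do_throw(...) } catch (e) {}` swallowed whatever
    // do_throw raised as well as any unrelated error from the channel, so the
    // scenario carried on regardless. Require the specific "header not set"
    // failure instead.
    Assert.throws(
      () => chan.getRequestHeader("Referer"),
      /NS_ERROR_NOT_AVAILABLE/,
      "Should not find a Referer header!"
    );
  } else {
    Assert.equal(chan.getRequestHeader("Referer"), test.expectedReferrerSpec);
  }
}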
     71 
// Short alias for the interface that carries the referrer-policy constants.
const nsIReferrerInfo = Ci.nsIReferrerInfo;

// Table of scenarios consumed one by one by test_policy(). Fields:
//   policy                - nsIReferrerInfo policy constant put on the channel.
//   trimmingPolicy        - optional; written to
//                           network.http.referer.trimmingPolicy (0 if omitted).
//   XOriginTrimmingPolicy - optional; written to
//                           network.http.referer.XOriginTrimmingPolicy
//                           (0 if omitted).
//   url                   - request target.
//   referrer              - referring document URL.
//   expectedReferrerSpec  - expected Referer header; undefined means the
//                           request must carry no Referer header at all.
// As the expectations below show, a trimming value of 1 drops the query
// string ("/foo?a" -> "/foo") and 2 keeps only the origin ("/").
// No entry sets disallowRelaxingDefault, so test_policy() writes false to
// network.http.referer.disallowCrossSiteRelaxingDefault for every scenario.
var gTests = [
  // SAME_ORIGIN policy, with and without a cross-origin referrer: the
  // cross-origin cases must send no Referer regardless of trimmingPolicy.
  {
    policy: nsIReferrerInfo.SAME_ORIGIN,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo?a",
  },
  {
    policy: nsIReferrerInfo.SAME_ORIGIN,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: undefined,
  },
  {
    policy: nsIReferrerInfo.SAME_ORIGIN,
    trimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo",
  },
  {
    policy: nsIReferrerInfo.SAME_ORIGIN,
    trimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: undefined,
  },
  {
    policy: nsIReferrerInfo.SAME_ORIGIN,
    trimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/",
  },
  {
    policy: nsIReferrerInfo.SAME_ORIGIN,
    trimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: undefined,
  },

  // ORIGIN_WHEN_CROSS_ORIGIN policy, with and without a cross-origin
  // referrer: cross-origin requests get only the referrer's origin, and
  // XOriginTrimmingPolicy leaves same-origin referrers untouched.
  {
    policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo?a",
  },
  {
    policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: "https://foo.example/",
  },
  {
    policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
    trimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo",
  },
  {
    policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
    trimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: "https://foo.example/",
  },
  {
    policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
    trimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/",
  },
  {
    policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
    trimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: "https://foo.example/",
  },
  {
    policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
    XOriginTrimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo?a",
  },
  {
    policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
    XOriginTrimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: "https://foo.example/",
  },
  {
    policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
    XOriginTrimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo?a",
  },
  {
    policy: nsIReferrerInfo.ORIGIN_WHEN_CROSS_ORIGIN,
    XOriginTrimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: "https://foo.example/",
  },

  // STRICT_ORIGIN_WHEN_CROSS_ORIGIN policy, with and without a cross-origin
  // referrer. The entries whose url is http:// cover an HTTPS referrer going
  // to an HTTP target: no Referer may be sent under any trimming setting.
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo?a",
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: "https://foo.example/",
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    url: "http://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: undefined,
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    trimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo",
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    trimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: "https://foo.example/",
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    trimmingPolicy: 1,
    url: "http://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: undefined,
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    trimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/",
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    trimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: "https://foo.example/",
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    trimmingPolicy: 2,
    url: "http://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: undefined,
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    XOriginTrimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo?a",
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    XOriginTrimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: "https://foo.example/",
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    XOriginTrimmingPolicy: 1,
    url: "http://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: undefined,
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    XOriginTrimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo?a",
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    XOriginTrimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: "https://foo.example/",
  },
  {
    policy: nsIReferrerInfo.STRICT_ORIGIN_WHEN_CROSS_ORIGIN,
    XOriginTrimmingPolicy: 2,
    url: "http://test.example/foo?a",
    referrer: "https://foo.example/foo?a",
    expectedReferrerSpec: undefined,
  },

  // Both prefs set at once under UNSAFE_URL. Cross-origin entries expect the
  // stricter (larger) of the two values to win; same-origin entries expect
  // only trimmingPolicy to apply.
  {
    policy: nsIReferrerInfo.UNSAFE_URL,
    XOriginTrimmingPolicy: 2,
    trimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://test1.example/foo?a",
    expectedReferrerSpec: "https://test1.example/",
  },
  {
    policy: nsIReferrerInfo.UNSAFE_URL,
    XOriginTrimmingPolicy: 2,
    trimmingPolicy: 1,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/foo",
  },
  {
    policy: nsIReferrerInfo.UNSAFE_URL,
    XOriginTrimmingPolicy: 1,
    trimmingPolicy: 2,
    url: "https://test.example/foo?a",
    referrer: "https://test.example/foo?a",
    expectedReferrerSpec: "https://test.example/",
  },
  {
    policy: nsIReferrerInfo.UNSAFE_URL,
    XOriginTrimmingPolicy: 1,
    trimmingPolicy: 0,
    url: "https://test.example/foo?a",
    referrer: "https://test1.example/foo?a",
    expectedReferrerSpec: "https://test1.example/foo",
  },
];
    324 
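/**
 * Test entry point: run every gTests scenario through test_policy(), then
 * reset the three referrer prefs the scenarios modify.
 */
function run_test() {
  try {
    for (const test of gTests) {
      test_policy(test);
    }
  } finally {
    // Reset in `finally` so a failing scenario cannot leave relaxed or
    // non-default referrer prefs behind.
    Services.prefs.clearUserPref("network.http.referer.trimmingPolicy");
    Services.prefs.clearUserPref("network.http.referer.XOriginTrimmingPolicy");
    Services.prefs.clearUserPref(
      "network.http.referer.disallowCrossSiteRelaxingDefault"
    );
  }
}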