tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

referrer.any.js (2118B)

      1 // META: script=../resources/utils.js
      2 // META: script=/common/get-host-info.sub.js
      3 
      4 function runTest(url, init, expectedReferrer, title) {
      5    promise_test(function(test) {
      6        url += (url.indexOf('?') !== -1 ? '&' : '?') + "headers=referer&cors";
      7 
      8        return fetch(url , init).then(function(resp) {
      9            assert_equals(resp.status, 200, "HTTP status is 200");
     10            assert_equals(resp.headers.get("x-request-referer"), expectedReferrer, "Request's referrer is correct");
     11        });
     12    }, title);
     13 }
     14 
     15 var fetchedUrl = RESOURCES_DIR + "inspect-headers.py";
     16 var corsFetchedUrl = get_host_info().HTTP_REMOTE_ORIGIN  + dirname(location.pathname) + RESOURCES_DIR + "inspect-headers.py";
     17 var redirectUrl = RESOURCES_DIR + "redirect.py?location=" ;
     18 var corsRedirectUrl = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "redirect.py?location=";
     19 
     20 runTest(fetchedUrl, { referrerPolicy: "origin-when-cross-origin"}, location.toString(), "origin-when-cross-origin policy on a same-origin URL");
     21 runTest(corsFetchedUrl, { referrerPolicy: "origin-when-cross-origin"}, get_host_info().HTTP_ORIGIN + "/", "origin-when-cross-origin policy on a cross-origin URL");
     22 runTest(redirectUrl + corsFetchedUrl, { referrerPolicy: "origin-when-cross-origin"}, get_host_info().HTTP_ORIGIN + "/", "origin-when-cross-origin policy on a cross-origin URL after same-origin redirection");
     23 runTest(corsRedirectUrl + fetchedUrl, { referrerPolicy: "origin-when-cross-origin"}, get_host_info().HTTP_ORIGIN + "/", "origin-when-cross-origin policy on a same-origin URL after cross-origin redirection");
     24 
     25 
     26 var referrerUrlWithCredentials = get_host_info().HTTP_ORIGIN.replace("http://", "http://username:password@");
     27 runTest(fetchedUrl, {referrer: referrerUrlWithCredentials}, get_host_info().HTTP_ORIGIN + "/", "Referrer with credentials should be stripped");
     28 var referrerUrlWithFragmentIdentifier = get_host_info().HTTP_ORIGIN + "#fragmentIdentifier";
     29 runTest(fetchedUrl, {referrer: referrerUrlWithFragmentIdentifier}, get_host_info().HTTP_ORIGIN + "/", "Referrer with fragment ID should be stripped");