tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

preload-referrer-policy.html (4604B)

      1 <!DOCTYPE html>
      2 <meta charset=utf-8>
      3 <title>The preload's referrerpolicy attribute should be respected</title>
      4 <meta name="timeout" content="long">
      5 <script src="resources/dummy.js?link-header-preload2"></script>
      6 <script src="/common/get-host-info.sub.js"></script>
      7 <script src="/common/utils.js"></script>
      8 <script src="/resources/testharness.js"></script>
      9 <script src="/resources/testharnessreport.js"></script>
     10 <script src="/preload/resources/preload_helper.js"></script>
     11 <body>
     12    <p>The preload's referrerpolicy attribute should be respected,
     13    and consumed regardless of consumer referrer policy</p>
     14 <script>
     15 window.referrers = {};
     16 const {REMOTE_ORIGIN} = get_host_info();
     17 const loaders = {
     18    header: async (t, {preloadPolicy, resourcePolicy, href, id}) => {
     19        const iframe = document.createElement('iframe');
     20        const params = new URLSearchParams();
     21        params.set('href', href);
     22        params.set('resource-policy', resourcePolicy);
     23        if (preloadPolicy === '')
     24            params.set('preload-policy', '');
     25        else
     26            params.set('preload-policy', `referrerpolicy=${preloadPolicy}`);
     27        params.set('resource-name', 'link-header-referrer-policy.html');
     28        iframe.src = `resources/link-header-referrer-policy.py?${params.toString()}`;
     29        t.add_cleanup(() => iframe.remove());
     30        const done = new Promise(resolve => {
     31            window.addEventListener('message', ({data}) => {
     32                if (id in data.referrers)
     33                    resolve({actualReferrer: data.referrers[id], entries: data.entries});
     34            })
     35        });
     36        document.body.appendChild(iframe);
     37        const {actualReferrer, entries} = await done;
     38        return {actualReferrer, unsafe: iframe.src, entries};
     39    },
     40    element: async (t, {preloadPolicy, resourcePolicy, href, id}) => {
     41        const link = document.createElement('link');
     42        link.href = href;
     43        link.as = 'script';
     44        link.rel = 'preload';
     45        link.referrerPolicy = preloadPolicy;
     46        const preloaded = new Promise(resolve => link.addEventListener('load', resolve));
     47        t.add_cleanup(() => link.remove());
     48        document.head.appendChild(link);
     49        await preloaded;
     50        const script = document.createElement('script');
     51        script.src = href;
     52        script.referrerPolicy = resourcePolicy;
     53        const loaded = new Promise(resolve => script.addEventListener('load', resolve));
     54        document.body.appendChild(script);
     55        await loaded;
     56        return {unsafe: location.href, actualReferrer: window.referrers[id], entries: performance.getEntriesByName(script.src).length}
     57    },
     58 };
     59 
     60 function test_referrer_policy(preloadPolicy, resourcePolicy, crossOrigin, type) {
     61    promise_test(async t => {
     62        const id = token();
     63        const href = `${crossOrigin ? REMOTE_ORIGIN : ''}/preload/resources/echo-referrer.py?uid=${id}`;
     64        const {actualReferrer, unsafe, entries} = await loaders[type](t, {preloadPolicy, resourcePolicy, href, id})
     65        assert_equals(entries, 1);
     66        const origin = window.origin + '/';
     67        switch (preloadPolicy) {
     68            case '':
     69                assert_equals(actualReferrer, crossOrigin ? origin : unsafe);
     70                break;
     71 
     72            case 'no-referrer':
     73                assert_equals(actualReferrer, '');
     74                break;
     75 
     76            case 'same-origin':
     77                assert_equals(actualReferrer, crossOrigin ? '' : unsafe);
     78                break;
     79 
     80            case 'origin-when-cross-origin':
     81            case 'strict-origin-when-cross-origin':
     82                assert_equals(actualReferrer, crossOrigin ? origin : unsafe);
     83                break;
     84 
     85            case 'origin':
     86                assert_equals(actualReferrer, origin);
     87                break;
     88 
     89            case 'unsafe-url':
     90                assert_equals(actualReferrer, unsafe);
     91                break;
     92 
     93            default:
     94                assert_equals(actualReferrer, '');
     95                break;
     96 
     97        }
     98    }, `referrer policy (${preloadPolicy} -> ${resourcePolicy}, ${type}, ${crossOrigin ? 'cross-origin' : 'same-origin'})`)
     99 }
    100 const policies = [
    101 "",
    102 "no-referrer",
    103 "same-origin",
    104 "origin",
    105 "origin-when-cross-origin",
    106 "strict-origin-when-cross-origin",
    107 "unsafe-url"]
    108 
    109 for (const preloadPolicy of policies) {
    110    for (const resourcePolicy of policies) {
    111        for (const type of ['element', 'header']) {
    112            for (const crossOrigin of [true, false]) {
    113                test_referrer_policy(preloadPolicy, resourcePolicy, crossOrigin, type);
    114            }
    115        }
    116    }
    117 }
    118 
    119 </script>
    120 </body>