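<!doctype html>
<meta charset="utf-8">
<title>Referrer Policy: iframe src="about:blank"</title>
<link rel="author" title="Hiroshige Hayashizaki" href="mailto:hiroshige@chromium.org">
<link rel="author" title="Dom Farolino" href="mailto:dom@chromium.org">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<!-- The outer document's referrer policy. An about:blank iframe inherits it. -->
<meta name="referrer" content="origin">
<body>
<script>
// Each sub-test below gets its observed referrer from a script injected into
// an about:blank iframe (see further down), delivered via postMessage, and
// asserts on it in the "message" handler.
const testFetchClientReferrer =
    async_test("The fetch() API in an about:blank iframe with the 'client' " +
               "referrer is fetched with no 'Referer' header");
const testFetchURLReferrer =
    async_test("The fetch() API in an about:blank iframe with a custom URL " +
               "referrer is fetched with a 'Referer` header that uses the " +
               "outer document's URL along with its referrer policy");
const testDocumentReferrer =
    async_test("The value of document.referrer in an about:blank iframe is the " +
               "outer document's full URL, regardless of referrer policy");
const testSubresource =
    async_test("A subresource fetched from an about:blank iframe is fetched " +
               "with no 'Referer' header");

// Created before the message handler is registered so the handler can verify
// that a result really came from this iframe. No src is set, so its document
// is about:blank: it inherits this document's origin and referrer policy.
const iframe = document.createElement("iframe");

window.addEventListener("message", msg => {
  // Only accept results posted by our own iframe. Any other window (same-origin
  // or not) that posts a {test, referrer} object must not be able to pass or
  // fail these sub-tests.
  if (msg.source !== iframe.contentWindow)
    return;

  const test_name = msg.data.test;
  const referrer = msg.data.referrer;

  if (test_name === "testFetchClientReferrer") {
    // The iframe document's URL is "about:blank", so the referrer policy
    // "strip url" algorithm yields no referrer and no Referer header is sent:
    // https://w3c.github.io/webappsec-referrer-policy/#strip-url
    testFetchClientReferrer.step_func_done(() => {
      assert_equals(referrer, undefined);
    })();
  } else if (test_name === "testFetchURLReferrer") {
    // Setting an explicit URL as the request's referrer succeeds because the
    // same-origin check at https://fetch.spec.whatwg.org/#dom-request is done
    // against the iframe's origin, which is inherited from the parent document
    // (== location.origin). The iframe also inherits the parent's referrer
    // policy ("origin"), so the referrer is reduced to the origin plus "/".
    testFetchURLReferrer.step_func_done(() => {
      assert_equals(referrer, location.origin + '/');
    })();
  } else if (test_name === "testDocumentReferrer") {
    // The initial about:blank document's referrer is its creator document's
    // URL, unredacted by any referrer policy, as per step 13 of:
    // https://html.spec.whatwg.org/multipage/browsers.html#creating-a-new-browsing-context
    testDocumentReferrer.step_func_done(() => {
      assert_equals(referrer, location.href);
    })();
  } else if (test_name === "testSubresource") {
    // Same reasoning as testFetchClientReferrer: "about:blank" strips to no
    // referrer, so the subresource request carries no Referer header:
    // https://w3c.github.io/webappsec-referrer-policy/#strip-url
    testSubresource.step_func_done(() => {
      assert_equals(referrer, "");
    })();
  }
});

iframe.addEventListener("load", function() {
  const iframe_script = iframe.contentDocument.createElement('script');
  // ${...} interpolations are resolved from this outer document when the script
  // text is built; everything else executes inside the iframe.
  iframe_script.textContent = `
    // Results are posted only to this document's origin (which the about:blank
    // iframe shares), never to "*".
    const report = (test, referrer) =>
        top.postMessage({test: test, referrer: referrer}, "${location.origin}");

    // 1. fetch() with the default "client" referrer.
    fetch("${location.origin}/common/security-features/subresource/xhr.py?name=testFetchClientReferrer")
      .then(r => r.json())
      .then(j => report("testFetchClientReferrer", j.headers.referer))
      .catch(() => report("testFetchClientReferrer", "FAILURE"));

    // 2. fetch() with an explicit, same-origin URL referrer. The "origin"
    //    policy inherited from the parent should reduce it to the origin.
    fetch("${location.origin}/common/security-features/subresource/xhr.py?name=URL",
          {referrer: "${location.href}/custom"})
      .then(r => r.json())
      .then(j => report("testFetchURLReferrer", j.headers.referer))
      .catch(() => report("testFetchURLReferrer", "FAILURE"));

    // 3. document.referrer of the about:blank document itself.
    report("testDocumentReferrer", document.referrer);

    // 4. A script subresource loaded by the iframe. referrer.py presumably
    //    exposes the Referer it received as window.referrer -- verify against
    //    the helper if this assertion changes.
    const subresource_script = document.createElement('script');
    subresource_script.src = "${location.origin}/common/security-features/subresource/referrer.py";
    subresource_script.onload = () => report("testSubresource", window.referrer);
    subresource_script.onerror = () => report("testSubresource", "FAILURE");
    document.head.appendChild(subresource_script);
  `;
  iframe.contentDocument.body.appendChild(iframe_script);
});

document.body.appendChild(iframe);
</script>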