tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

popup-inheritance-about-blank.html (4856B)

      1 <!doctype html>
      2 <meta charset="utf-8">
      3 <title>Referrer Policy: popup src="about:blank"</title>
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <meta name="referrer" content="origin">
      7 <body>
      8 <script>
      9 const testFetchClientReferrer =
     10  async_test("The fetch() API in an about:blank popup with the 'client' " +
     11             "referrer is fetched with no 'Referer' header");
     12 const testFetchURLReferrer =
     13  async_test("The fetch() API in an about:blank popup with a custom URL " +
     14             "referrer is fetched with a 'Referer` header that uses the " +
     15             "outer document's URL along with its referrer policy");
     16 const testDocumentReferrer =
     17  async_test("The value of document.referrer in an about:blank popup is the " +
     18             "outer document's full URL, regardless of referrer policy");
     19 const testSubresource =
     20  async_test("A subresource fetched from an about:blank popup is fetched " +
     21             "with no 'Referer' header");
     22 
     23 window.addEventListener("message", msg => {
     24  const test_name = msg.data.test;
     25  const referrer = msg.data.referrer;
     26  if (test_name === "testFetchClientReferrer") {
     27    // Because the URL of the document of the popup opened through
     28    // `window.open()` is "about:blank", the stripped URL is no referrer:
     29    // https://w3c.github.io/webappsec-referrer-policy/#strip-url.
     30    testFetchClientReferrer.step_func_done(() => {
     31      assert_equals(referrer, undefined);
     32    })();
     33  } else if (test_name === "testFetchURLReferrer") {
     34    // The "about:blank" popup inherits its opener's referrer policy.
     35    // Note: Setting an explicit URL as referrer is allowed per spec because the
     36    // same-origin check at https://fetch.spec.whatwg.org/#dom-request is done
     37    // against the popup's origin, which inherits the opener document's origin.
     38    testFetchURLReferrer.step_func_done(() => {
     39      assert_equals(referrer, location.origin + '/');
     40    })();
     41  } else if (test_name === "testDocumentReferrer") {
     42    // The referrer of the initial document in an about:blank popup is set to
     43    // its creating document's URL, unredacted by a referrer policy, as per step
     44    // 17 of:
     45    // https://html.spec.whatwg.org/multipage/browsers.html#creating-a-new-browsing-context.
     46    testDocumentReferrer.step_func_done(() => {
     47      assert_equals(referrer, location.href);
     48    })();
     49  } else if (test_name === "testSubresource") {
     50    // Because the URL of the document of the popup is "about:blank", the
     51    // stripped URL is no referrer:
     52    // https://w3c.github.io/webappsec-referrer-policy/#strip-url.
     53    //
     54    // Note: this test is essentially the same as "testFetchClientReferrer" (the
     55    // only difference is that the fetch is not initiated by javascript).
     56    // Compared to the other test, we expect the empty string here instead of
     57    // `undefined` just because of a testing quirk.
     58    testSubresource.step_func_done(() => {
     59      assert_equals(referrer, "");
     60    })();
     61  }
     62 });
     63 
     64 const popup = window.open();
     65 const script = popup.document.createElement('script');
     66 
     67 script.textContent = `
     68  // Test fetch() API with default "client" referrer.
     69  fetch("${location.origin}/common/security-features/subresource/xhr.py?name=testFetchClientReferrer")
     70    .then(r => r.json())
     71    .then(j => {
     72        opener.postMessage({test: "testFetchClientReferrer", referrer: j.headers.referer}, "*")
     73      }).catch(e => {
     74        opener.postMessage({test: "testFetchClientReferrer", referrer: "FAILURE"}, "*");
     75      });
     76 
     77  // Test fetch() API with custom URL referrer.
     78  fetch("${location.origin}/common/security-features/subresource/xhr.py?name=URL",
     79      {referrer: "${location.href}/custom"})
     80    .then(r => r.json())
     81    .then(j => {
     82        opener.postMessage({test: "testFetchURLReferrer", referrer: j.headers.referer}, "*")
     83      }).catch(e => {
     84        opener.postMessage({test: "testFetchURLReferrer", referrer: "FAILURE"}, "*");
     85      });
     86 
     87  // Test document.referrer.
     88  opener.postMessage({test: "testDocumentReferrer", referrer: document.referrer}, "*");
     89 
     90  // Test a subresource being fetched by the popup.
     91  // This is practicallty the same as the first test: the only difference is
     92  // that here the fetch is not triggered by a javascript fetch function but by
     93  // a script element with a src tag embedded in the html source.
     94  const subresource_script = document.createElement('script');
     95  subresource_script.src = "${location.origin}/common/security-features/subresource/referrer.py";
     96  subresource_script.onload = e => {
     97    opener.postMessage({test: "testSubresource", referrer: window.referrer}, "*");
     98  }
     99  subresource_script.onerror = function(e) {
    100    opener.postMessage({test: "testSubresource", referrer: "FAILURE"}, "*");
    101  };
    102  document.head.appendChild(subresource_script);
    103 `;
    104 popup.document.body.appendChild(script);
    105 </script>