tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

refresh-same-url.html (2925B)

      1 <!doctype html>
      2 <meta charset="utf-8">
      3 <title>Same-URL Referrer Policy applied to Refresh</title>
      4 <link rel="help" href="https://bugzilla.mozilla.org/show_bug.cgi?id=266554">
      5 <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer">
      6 <link rel="help" href="https://html.spec.whatwg.org/multipage/browsing-the-web.html#populating-a-session-history-entry:concept-request">
      7 <link rel="author" title="Zach Hoffman" href="mailto:zach@zrhoffman.net">
      8 <script src="/resources/testharness.js"></script>
      9 <script src="/resources/testharnessreport.js"></script>
     10 <script src="./resources/refresh-by-host.js"></script>
     11 <body>
     12 <script>
     13 const expectationsByPolicy = {
     14  "no-referrer": kExpectEmptyString,
     15  "no-referrer-when-downgrade": kExpectFullURL,
     16  "origin": kExpectOrigin,
     17  "origin-when-cross-origin": kExpectFullURL,
     18  "same-origin": kExpectFullURL,
     19  "strict-origin": kExpectOrigin,
     20  "strict-origin-when-cross-origin": kExpectFullURL,
     21  "unsafe-url": kExpectFullURL,
     22  "": kExpectFullURL,
     23 };
     24 
     25 refreshWithPoliciesSameURLTest(expectationsByPolicy);
     26 
     27 function refreshWithPoliciesSameURLTest(aExpectationsByPolicy) {
     28  Object.entries(aExpectationsByPolicy).forEach(([policy, expected]) =>
     29    Object.entries(kRefreshOptionsByDescription).forEach(([description, refreshFrom]) => {
     30      let expectedURL = new URL(refreshFrom, location).href;
     31      const originalURL = expectedURL + "?" + new URLSearchParams({url: expectedURL, policy});
     32      let expectedReferrer = location.href;
     33 
     34      promise_test(async t => {
     35        let loadCount = 0;
     36        const { promise: frameLoaded, resolve: resolveFrameLoaded } = Promise.withResolvers();
     37 
     38        const frame = document.createElement("iframe");
     39        try {
     40          frame.addEventListener("load", t.step_func(() => {
     41            loadCount++;
     42            try {
     43              if (loadCount === 1) {
     44                assert_equals(frame.contentWindow.location.href, originalURL, "original page loads");
     45                assert_equals(frame.contentDocument.referrer, expectedReferrer, "referrer is parent frame");
     46 
     47                expectedReferrer = referrerPolicyExpectationValue(expected, frame);
     48              } else if (loadCount === 2) {
     49                assert_equals(frame.contentWindow.location.href, expectedURL, "refresh page has expected URL");
     50                assert_equals(frame.contentDocument.referrer, expectedReferrer, "document referrer is same page");
     51              }
     52            } finally {
     53              if (loadCount === 2) {
     54                resolveFrameLoaded();
     55              }
     56            }
     57          }));
     58 
     59          frame.src = originalURL;
     60          document.body.appendChild(frame);
     61 
     62          await frameLoaded;
     63        } finally {
     64          frame.remove();
     65          t.done();
     66        }
     67      }, `same-URL ${description} with referrer policy "${policy}" refreshes with ${expected} as referrer`);
     68    }));
     69 }
     70 </script>