tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

referrer-policy-from-rules.https.html (6584B)

      1 <!DOCTYPE html>
      2 <title>Prefetch with the referrer policy specified in speculation rules</title>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="/common/dispatcher/dispatcher.js"></script>
      6 <script src="/common/subset-tests.js"></script>
      7 <script src="/common/utils.js"></script>
      8 <script src="/common/get-host-info.sub.js"></script>
      9 <script src="../resources/utils.js"></script>
     10 <script src="resources/utils.sub.js"></script>
     11 
     12 <!--Split test cases due to the use of timeouts in speculation rules test utilities.-->
     13 <meta name="variant" content="?1-1">
     14 <meta name="variant" content="?2-2">
     15 <meta name="variant" content="?3-3">
     16 <meta name="variant" content="?4-4">
     17 <meta name="variant" content="?5-5">
     18 <meta name="variant" content="?6-6">
     19 <meta name="variant" content="?7-7">
     20 <meta name="variant" content="?8-last">
     21 
     22 <script>
     23 "use strict";
     24 
     25 setup(() => assertSpeculationRulesIsSupported());
     26 
     27 subsetTest(promise_test, async t => {
     28  const agent = await spawnWindow(t);
     29  await agent.setReferrerPolicy("strict-origin-when-cross-origin");
     30  const expectedReferrer = agent.getExecutorURL().origin + "/";
     31 
     32  const nextURL = agent.getExecutorURL({ page: 2 });
     33  await agent.forceSinglePrefetch(nextURL, { referrer_policy: "strict-origin" });
     34  await agent.navigate(nextURL);
     35 
     36  const headers = await agent.getRequestHeaders();
     37  assert_prefetched(headers, "must be prefetched");
     38  assert_equals(headers.referer, expectedReferrer, "must send the origin as the referrer");
     39 }, 'with "strict-origin" referrer policy in rule set overriding "strict-origin-when-cross-origin" of referring page');
     40 
     41 subsetTest(promise_test, async t => {
     42  const agent = await spawnWindow(t);
     43  const next_url = agent.getExecutorURL({ page: 2 });
     44  await agent.execute_script((url) => {
     45    const a = addLink(url);
     46    a.referrerPolicy = 'no-referrer';
     47    insertDocumentRule(undefined, { referrer_policy: 'strict-origin' });
     48  }, [next_url]);
     49  await new Promise(resolve => t.step_timeout(resolve, 2000));
     50  await agent.navigate(next_url);
     51 
     52  const headers = await agent.getRequestHeaders();
     53  assert_prefetched(headers, 'must be prefetched');
     54  const expected_referrer = next_url.origin + '/';
     55  assert_equals(headers.referer, expected_referrer, 'must send the origin as the referrer');
     56 }, 'with "strict-origin" referrer policy in rule set override "no-referrer" of link');
     57 
     58 subsetTest(promise_test, async t => {
     59  const agent = await spawnWindow(t);
     60  await agent.setReferrerPolicy("unsafe-url");
     61 
     62  const nextURL = agent.getExecutorURL({ hostname: get_host_info().NOTSAMESITE_HOST, page: 2 });
     63  await agent.forceSinglePrefetch(nextURL, { referrer_policy: "no-referrer" });
     64  await agent.navigate(nextURL);
     65 
     66  // This referring page's referrer policy would not be eligible for
     67  // cross-site prefetching, but setting a sufficiently strict policy in the
     68  // rule allows for prefetching.
     69  const headers = await agent.getRequestHeaders();
     70  assert_prefetched(headers, "must be prefetched");
     71  assert_equals(headers.referer, undefined, "must send no referrer");
     72 }, 'with "no-referrer" referrer policy in rule set overriding "unsafe-url" of cross-site referring page');
     73 
     74 subsetTest(promise_test, async t => {
     75  const agent = await spawnWindow(t);
     76  await agent.setReferrerPolicy("strict-origin-when-cross-origin");
     77 
     78  const nextURL = agent.getExecutorURL({ page: 2 });
     79  await agent.forceSinglePrefetch(nextURL, { referrer_policy: "no-referrrrrrrer" });
     80  await agent.navigate(nextURL);
     81 
     82  const headers = await agent.getRequestHeaders();
     83  assert_not_prefetched(headers, "must not be prefetched");
     84 }, 'unrecognized policies invalidate the rule');
     85 
     86 subsetTest(promise_test, async t => {
     87  const agent = await spawnWindow(t);
     88  await agent.setReferrerPolicy("strict-origin");
     89  const expectedReferrer = agent.getExecutorURL().origin + "/";
     90 
     91  const nextURL = agent.getExecutorURL({ page: 2 });
     92  await agent.execute_script((url) => {
     93    const a = addLink(url);
     94    a.referrerPolicy = 'no-referrrrrrrer';
     95    insertDocumentRule();
     96  }, [nextURL]);
     97  await new Promise(resolve => t.step_timeout(resolve, 2000));
     98  await agent.navigate(nextURL);
     99 
    100  const headers = await agent.getRequestHeaders();
    101  assert_prefetched(headers, "must be prefetched");
    102  assert_equals(headers.referer, expectedReferrer, "must send the origin as the referrer");
    103 }, 'unrecognized policies in link referrerpolicy attribute are ignored');
    104 
    105 subsetTest(promise_test, async t => {
    106  const agent = await spawnWindow(t);
    107  await agent.setReferrerPolicy("strict-origin-when-cross-origin");
    108 
    109  const nextURL = agent.getExecutorURL({ page: 2 });
    110  await agent.forceSinglePrefetch(nextURL, { referrer_policy: "never" });
    111  await agent.navigate(nextURL);
    112 
    113  const headers = await agent.getRequestHeaders();
    114  assert_not_prefetched(headers, "must not be prefetched");
    115 }, 'treat legacy referrer policy values as invalid');
    116 
    117 subsetTest(promise_test, async t => {
    118  const agent = await spawnWindow(t);
    119  await agent.setReferrerPolicy("strict-origin");
    120  const expectedReferrer = agent.getExecutorURL().origin + "/";
    121 
    122  const nextURL = agent.getExecutorURL({ hostname: get_host_info().NOTSAMESITE_HOST, page: 2 });
    123  await agent.forceSinglePrefetch(nextURL, { referrer_policy: "unsafe-url" });
    124  await agent.navigate(nextURL);
    125 
    126  // This referring page's referrer policy would normally make it eligible for
    127  // cross-site prefetching, but setting an unacceptable policy in the rule
    128  // makes it ineligible.
    129  const headers = await agent.getRequestHeaders();
    130  assert_not_prefetched(headers, "must not be prefetched");
    131  assert_equals(headers.referer, expectedReferrer, "must send the origin as the referrer");
    132 }, 'with "unsafe-url" referrer policy in rule set overriding "strict-origin" of cross-site referring page');
    133 
    134 subsetTest(promise_test, async t => {
    135  const agent = await spawnWindow(t);
    136  await agent.setReferrerPolicy("strict-origin");
    137  const expectedReferrer = agent.getExecutorURL().origin + "/";
    138 
    139  const nextURL = agent.getExecutorURL({ page: 2 });
    140  // The empty string is a valid value for "referrer_policy" and will be
    141  // treated as if the key were omitted.
    142  await agent.forceSinglePrefetch(nextURL, { referrer_policy: "" });
    143  await agent.navigate(nextURL);
    144 
    145  const headers = await agent.getRequestHeaders();
    146  assert_prefetched(headers, "must be prefetched");
    147  assert_equals(headers.referer, expectedReferrer, "must send the origin as the referrer");
    148 }, 'with empty string referrer policy in rule set defaulting to "strict-origin" of referring page');
    149 </script>