tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

referrer-policy-not-accepted.https.html (2918B)

      1 <!DOCTYPE html>
      2 <title>Prefetch attempts with an unacceptable referrer policy</title>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="/common/dispatcher/dispatcher.js"></script>
      6 <script src="/common/subset-tests.js"></script>
      7 <script src="/common/utils.js"></script>
      8 <script src="/common/get-host-info.sub.js"></script>
      9 <script src="../resources/utils.js"></script>
     10 <script src="resources/utils.sub.js"></script>
     11 
     12 <!--Split test cases due to the use of timeouts in speculation rules test utilities.-->
     13 <meta name="variant" content="?1-1">
     14 <meta name="variant" content="?2-2">
     15 <meta name="variant" content="?3-last">
     16 
     17 <script>
     18 "use strict";
     19 
     20 setup(() => assertSpeculationRulesIsSupported());
     21 
     22 subsetTest(promise_test, async t => {
     23  const agent = await spawnWindow(t);
     24  await agent.setReferrerPolicy("unsafe-url");
     25  const expectedReferrer = agent.getExecutorURL().href;
     26 
     27  const nextURL = agent.getExecutorURL({ page: 2 });
     28  await agent.forceSinglePrefetch(nextURL);
     29  await agent.navigate(nextURL);
     30 
     31  const headers = await agent.getRequestHeaders();
     32  // The referrer policy restriction does not apply to same-site prefetch.
     33  assert_prefetched(headers, "must be prefetched");
     34  assert_equals(headers.referer, expectedReferrer, "must send the full URL as the referrer");
     35 }, 'with "unsafe-url" referrer policy on same-site referring page');
     36 
     37 subsetTest(promise_test, async t => {
     38  const agent = await spawnWindow(t);
     39  await agent.setReferrerPolicy("unsafe-url");
     40  const expectedReferrer = agent.getExecutorURL().href;
     41 
     42  const nextURL = agent.getExecutorURL({ hostname: get_host_info().NOTSAMESITE_HOST, page: 2 });
     43  // This prefetch attempt should be ignored.
     44  await agent.forceSinglePrefetch(nextURL);
     45  await agent.navigate(nextURL);
     46 
     47  const headers = await agent.getRequestHeaders();
     48  assert_not_prefetched(headers, "must not be prefetched");
     49  assert_equals(headers.referer, expectedReferrer, "must send the full URL as the referrer");
     50 }, 'with "unsafe-url" referrer policy on cross-site referring page');
     51 
     52 subsetTest(promise_test, async t => {
     53  const agent = await spawnWindow(t);
     54  await agent.setReferrerPolicy("unsafe-url");
     55  const expectedReferrer = agent.getExecutorURL().href;
     56 
     57  const nextURL = agent.getExecutorURL({ hostname: get_host_info().NOTSAMESITE_HOST, page: 2 });
     58  // This prefetch attempt should be ignored.
     59  await agent.execute_script((url) => {
     60    addLink(url);
     61    insertDocumentRule();
     62  }, [nextURL]);
     63  await new Promise(resolve => t.step_timeout(resolve, 2000));
     64  await agent.navigate(nextURL);
     65 
     66  const headers = await agent.getRequestHeaders();
     67  assert_not_prefetched(headers, "must not be prefetched");
     68  assert_equals(headers.referer, expectedReferrer, "must send the full URL as the referrer");
     69 }, 'with "unsafe-url" referrer policy on cross-site referring page with document rule');
     70 </script>