/* * Test server for iframe, anchor, and area referrer attributes. * https://bugzilla.mozilla.org/show_bug.cgi?id=1175736 * Also server for further referrer tests such as redirecting tests * bug 1174913, bug 1175736, bug 1184781 */ Components.utils.importGlobalProperties(["URLSearchParams"]); const SJS = "referrer_testserver.sjs?"; const SJS_PATH = "/tests/dom/base/test/"; const BASE_ORIGIN = "example.com" const BASE_URL = BASE_ORIGIN + SJS_PATH + SJS; const SHARED_KEY = SJS; const SAME_ORIGIN = "mochi.test:8888" + SJS_PATH + SJS; const CROSS_ORIGIN_URL = "test1.example.com" + SJS_PATH + SJS; const IMG_BYTES = atob( "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" + "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="); function createTestUrl(aPolicy, aAction, aName, aType, aSchemeFrom, aSchemeTo, crossOrigin, referrerPolicyHeader) { var schemeTo = aSchemeTo || "http"; var schemeFrom = aSchemeFrom || "http"; var rpHeader = referrerPolicyHeader || ""; var url = schemeTo + "://"; url += (crossOrigin ? CROSS_ORIGIN_URL : BASE_URL); url += "ACTION=" + aAction + "&" + "policy=" + aPolicy + "&" + "NAME=" + aName + "&" + "type=" + aType + "&" + "RP_HEADER=" + rpHeader + "&" + "SCHEME_FROM=" + schemeFrom; return url; } // test page using iframe referrer attribute // if aParams are set this creates a test where the iframe url is a redirect function createIframeTestPageUsingRefferer(aMetaPolicy, aAttributePolicy, aNewAttributePolicy, aName, aParams, aSchemeFrom, aSchemeTo, aChangingMethod) { var metaString = ""; if (aMetaPolicy) { metaString = ``; } var changeString = ""; if (aChangingMethod === "setAttribute") { changeString = `document.getElementById("myframe").setAttribute("referrerpolicy", "${aNewAttributePolicy}")`; } else if (aChangingMethod === "property") { changeString = `document.getElementById("myframe").referrerPolicy = "${aNewAttributePolicy}"`; } var iFrameString = ``; var iframeUrl = ""; if (aParams) { aParams.delete("ACTION"); aParams.append("ACTION", "redirectIframe"); iframeUrl = "http://" + CROSS_ORIGIN_URL + aParams.toString(); } else { iframeUrl = createTestUrl(aAttributePolicy, "test", aName, "iframe", aSchemeFrom, aSchemeTo); } return ` ${metaString} ${iFrameString} `; } function buildAnchorString(aMetaPolicy, aReferrerPolicy, aName, aRelString, aSchemeFrom, aSchemeTo){ if (aReferrerPolicy) { return `${aReferrerPolicy}`; } return `link`; } function buildAreaString(aMetaPolicy, aReferrerPolicy, aName, aRelString, aSchemeFrom, aSchemeTo){ var result = `image`; result += ``; if (aReferrerPolicy) { result += `theArea`; } else { result += `theArea`; } result += ``; return result; } // test page using anchor or area referrer attribute function createAETestPageUsingRefferer(aMetaPolicy, aAttributePolicy, aNewAttributePolicy, aName, aRel, aStringBuilder, aSchemeFrom, aSchemeTo, aChangingMethod) { var metaString = ""; if (aMetaPolicy) { metaString = ``; } var changeString = ""; if (aChangingMethod === "setAttribute") { changeString = `document.getElementById("link").setAttribute("referrerpolicy", "${aNewAttributePolicy}")`; } else if (aChangingMethod === "property") { changeString = `document.getElementById("link").referrerPolicy = "${aNewAttributePolicy}"`; } var relString = ""; if (aRel) { relString = `rel="noreferrer"`; } var elementString = aStringBuilder(aMetaPolicy, aAttributePolicy, aName, relString, aSchemeFrom, aSchemeTo); return ` ${metaString} ${elementString} `; } // test page using anchor target=_blank rel=noopener function createTargetBlankRefferer(aMetaPolicy, aName, aSchemeFrom, aSchemeTo, aRpHeader) { var metaString = ""; if (aMetaPolicy) { metaString = ``; } var elementString = `link`; return ` ${metaString} ${elementString} `; } // creates test page with img that is a redirect function createRedirectImgTestCase(aParams, aAttributePolicy) { var metaString = ""; if (aParams.has("META_POLICY")) { metaString = ``; } aParams.delete("ACTION"); aParams.append("ACTION", "redirectImg"); var imgUrl = "http://" + CROSS_ORIGIN_URL + aParams.toString(); return ` ${metaString} Test referrer policies on redirect (img) `; } // test page using link referrer attribute function createLinkPageUsingRefferer(aMetaPolicy, aAttributePolicy, aNewAttributePolicy, aName, aRel, aStringBuilder, aSchemeFrom, aSchemeTo, aTestType) { var metaString = ""; if (aMetaPolicy) { metaString = ``; } var changeString = ""; var policy = aAttributePolicy ? aAttributePolicy : aMetaPolicy; var elementString = aStringBuilder(policy, aName, aRel, aSchemeFrom, aSchemeTo, aTestType); if (aTestType === "setAttribute") { changeString = `var link = document.getElementById("test_link"); link.setAttribute("referrerpolicy", "${aNewAttributePolicy}"); link.href = "${createTestUrl(policy, "test", aName, "link_element_" + aRel, aSchemeFrom, aSchemeTo)}";`; } else if (aTestType === "property") { changeString = `var link = document.getElementById("test_link"); link.referrerPolicy = "${aNewAttributePolicy}"; link.href = "${createTestUrl(policy, "test", aName, "link_element_" + aRel, aSchemeFrom, aSchemeTo)}";`; } return ` ${metaString} ${elementString} `; } function createFetchUserControlRPTestCase(aName, aSchemeFrom, aSchemeTo, crossOrigin) { var srcUrl = createTestUrl("", "test", aName, "fetch", aSchemeFrom, aSchemeTo, crossOrigin); return ` Test user control referrer policies `; } function buildLinkString(aPolicy, aName, aRel, aSchemeFrom, aSchemeTo, aTestType) { var href = ''; var onChildComplete = `window.parent.postMessage("childLoadComplete", "http://mochi.test:8888");` var policy = ''; var asString = ''; var relString = ''; if (aRel) { relString = `rel="${aRel}"`; } if (aPolicy) { policy = `referrerpolicy=${aPolicy}`; } if (aRel == "preload") { asString = 'as="image"'; } if (!aTestType) { href = `href=${createTestUrl(aPolicy, "test", aName, "link_element_" + aRel, aSchemeFrom, aSchemeTo)}`; } return ``; } function handleRequest(request, response) { var params = new URLSearchParams(request.queryString); var action = params.get("ACTION"); var schemeFrom = params.get("SCHEME_FROM") || "http"; var schemeTo = params.get("SCHEME_TO") || "http"; var crossOrigin = params.get("CROSS_ORIGIN") || false; var referrerPolicyHeader = params.get("RP_HEADER") || ""; response.setHeader("Access-Control-Allow-Origin", "*", false); if (referrerPolicyHeader) { response.setHeader("Referrer-Policy", referrerPolicyHeader, false); } if (action === "resetState") { setSharedState(SHARED_KEY, "{}"); response.write(""); return; } if (action === "get-test-results") { // ?action=get-result response.setHeader("Cache-Control", "no-cache", false); response.setHeader("Content-Type", "text/plain", false); response.write(getSharedState(SHARED_KEY)); return; } if (action === "redirect") { response.write(''); return; } if (action === "redirectImg"){ params.delete("ACTION"); params.append("ACTION", "test"); params.append("type", "img"); // 302 found, 301 Moved Permanently, 303 See Other, 307 Temporary Redirect response.setStatusLine("1.1", 302, "found"); response.setHeader("Location", "http://" + CROSS_ORIGIN_URL + params.toString(), false); return; } if (action === "redirectIframe"){ params.delete("ACTION"); params.append("ACTION", "test"); params.append("type", "iframe"); // 302 found, 301 Moved Permanently, 303 See Other, 307 Temporary Redirect response.setStatusLine("1.1", 302, "found"); response.setHeader("Location", "http://" + CROSS_ORIGIN_URL + params.toString(), false); return; } if (action === "test") { // ?action=test&policy=origin&name=name var policy = params.get("policy"); var name = params.get("NAME"); var type = params.get("type"); var result = getSharedState(SHARED_KEY); result = result ? JSON.parse(result) : {}; var referrerLevel = "none"; var test = {} if (request.hasHeader("Referer")) { var referrer = request.getHeader("Referer"); if (referrer.indexOf("referrer_testserver") > 0) { referrerLevel = "full"; } else if (referrer.indexOf(schemeFrom + "://example.com") == 0) { referrerLevel = "origin"; } else { // this is never supposed to happen referrerLevel = "other-origin"; } test.referrer = referrer; } else { test.referrer = ""; } test.policy = referrerLevel; test.expected = policy; result[name] = test; setSharedState(SHARED_KEY, JSON.stringify(result)); if (type === "img" || type == "link_element_preload") { // return image response.setHeader("Content-Type", "image/png"); response.write(IMG_BYTES); return; } if (type === "iframe") { // return iframe page response.write("I am the iframe"); return; } if (type === "link") { // forward link click to redirect URL to finish test var loc = "http://" + BASE_URL + "ACTION=redirect"; response.setStatusLine("1.1", 302, "Found"); response.setHeader("Location", loc, false); } return; } response.setHeader("Cache-Control", "no-cache", false); response.setHeader("Content-Type", "text/html; charset=utf-8", false); // parse test arguments and start test var attributePolicy = params.get("ATTRIBUTE_POLICY") || ""; var newAttributePolicy = params.get("NEW_ATTRIBUTE_POLICY") || ""; var metaPolicy = params.get("META_POLICY") || ""; var rel = params.get("REL") || ""; var name = params.get("NAME"); // anchor & area var _getPage = createAETestPageUsingRefferer.bind(null, metaPolicy, attributePolicy, newAttributePolicy, name, rel); var _getAnchorPage = _getPage.bind(null, buildAnchorString, schemeFrom, schemeTo); var _getAreaPage = _getPage.bind(null, buildAreaString, schemeFrom, schemeTo); // aMetaPolicy, aAttributePolicy, aNewAttributePolicy, aName, aChangingMethod, aStringBuilder if (action === "generate-anchor-policy-test") { response.write(_getAnchorPage()); return; } if (action === "generate-anchor-changing-policy-test-set-attribute") { response.write(_getAnchorPage("setAttribute")); return; } if (action === "generate-anchor-changing-policy-test-property") { response.write(_getAnchorPage("property")); return; } if (action === "generate-area-policy-test") { response.write(_getAreaPage()); return; } if (action === "generate-area-changing-policy-test-set-attribute") { response.write(_getAreaPage("setAttribute")); return; } if (action === "generate-area-changing-policy-test-property") { response.write(_getAreaPage("property")); return; } if (action === "generate-anchor-target-blank-policy-test") { response.write(createTargetBlankRefferer(metaPolicy, name, schemeFrom, schemeTo, referrerPolicyHeader)); return; } // iframe _getPage = createIframeTestPageUsingRefferer.bind(null, metaPolicy, attributePolicy, newAttributePolicy, name, "", schemeFrom, schemeTo); // aMetaPolicy, aAttributePolicy, aNewAttributePolicy, aName, aChangingMethod if (action === "generate-iframe-policy-test") { response.write(_getPage()); return; } if (action === "generate-iframe-changing-policy-test-set-attribute") { response.write(_getPage("setAttribute")); return; } if (action === "generate-iframe-changing-policy-test-property") { response.write(_getPage("property")); return; } // redirect tests with img and iframe if (action === "generate-img-redirect-policy-test") { response.write(createRedirectImgTestCase(params, attributePolicy)); return; } if (action === "generate-iframe-redirect-policy-test") { response.write(createIframeTestPageUsingRefferer(metaPolicy, attributePolicy, newAttributePolicy, name, params, schemeFrom, schemeTo)); return; } var _getPage = createLinkPageUsingRefferer.bind(null, metaPolicy, attributePolicy, newAttributePolicy, name, rel); var _getLinkPage = _getPage.bind(null, buildLinkString, schemeFrom, schemeTo); // link if (action === "generate-link-policy-test") { response.write(_getLinkPage()); return; } if (action === "generate-link-policy-test-set-attribute") { response.write(_getLinkPage("setAttribute")); return; } if (action === "generate-link-policy-test-property") { response.write(_getLinkPage("property")); return; } if (action === "generate-fetch-user-control-policy-test") { response.write(createFetchUserControlRPTestCase(name, schemeFrom, schemeTo, crossOrigin)); return; } response.write("I don't know action " + action); return; }