diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
commit | 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch) | |
tree | a31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /netwerk/test/unit/test_referrer.js | |
parent | Initial commit. (diff) | |
download | firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip |
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | netwerk/test/unit/test_referrer.js | 248 |
1 files changed, 248 insertions, 0 deletions
diff --git a/netwerk/test/unit/test_referrer.js b/netwerk/test/unit/test_referrer.js new file mode 100644 index 0000000000..0c42849a43 --- /dev/null +++ b/netwerk/test/unit/test_referrer.js @@ -0,0 +1,248 @@ +"use strict"; + +const ReferrerInfo = Components.Constructor( + "@mozilla.org/referrer-info;1", + "nsIReferrerInfo", + "init" +); + +function getTestReferrer(server_uri, referer_uri, isPrivate = false) { + var uri = NetUtil.newURI(server_uri); + let referrer = NetUtil.newURI(referer_uri); + let principal = Services.scriptSecurityManager.createContentPrincipal( + referrer, + { privateBrowsingId: isPrivate ? 1 : 0 } + ); + var chan = NetUtil.newChannel({ + uri, + loadingPrincipal: principal, + contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER, + securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + }); + + chan.QueryInterface(Ci.nsIHttpChannel); + chan.referrerInfo = new ReferrerInfo( + Ci.nsIReferrerInfo.EMPTY, + true, + referrer + ); + var header = null; + try { + header = chan.getRequestHeader("Referer"); + } catch (NS_ERROR_NOT_AVAILABLE) {} + return header; +} + +function run_test() { + var prefs = Services.prefs; + + var server_uri = "http://bar.examplesite.com/path2"; + var server_uri_2 = "http://bar.example.com/anotherpath"; + var referer_uri = "http://foo.example.com/path"; + var referer_uri_2 = "http://bar.examplesite.com/path3?q=blah"; + var referer_uri_2_anchor = "http://bar.examplesite.com/path3?q=blah#anchor"; + var referer_uri_idn = "http://sub1.\xe4lt.example/path"; + + // for https tests + var server_uri_https = "https://bar.example.com/anotherpath"; + var referer_uri_https = "https://bar.example.com/path3?q=blah"; + var referer_uri_2_https = "https://bar.examplesite.com/path3?q=blah"; + + // tests for sendRefererHeader + prefs.setIntPref("network.http.sendRefererHeader", 0); + Assert.equal(null, getTestReferrer(server_uri, referer_uri)); + prefs.setIntPref("network.http.sendRefererHeader", 2); + Assert.equal( + getTestReferrer(server_uri, referer_uri), + "http://foo.example.com/" + ); + + // test that https ref is not sent to http + Assert.equal(null, getTestReferrer(server_uri_2, referer_uri_https)); + + // tests for referer.defaultPolicy + prefs.setIntPref("network.http.referer.defaultPolicy", 0); + Assert.equal(null, getTestReferrer(server_uri, referer_uri)); + prefs.setIntPref("network.http.referer.defaultPolicy", 1); + Assert.equal(null, getTestReferrer(server_uri, referer_uri)); + Assert.equal(getTestReferrer(server_uri, referer_uri_2), referer_uri_2); + prefs.setIntPref("network.http.referer.defaultPolicy", 2); + Assert.equal(null, getTestReferrer(server_uri, referer_uri_https)); + Assert.equal( + getTestReferrer(server_uri_https, referer_uri_https), + referer_uri_https + ); + Assert.equal( + getTestReferrer(server_uri_https, referer_uri_2_https), + "https://bar.examplesite.com/" + ); + Assert.equal(getTestReferrer(server_uri, referer_uri_2), referer_uri_2); + Assert.equal( + getTestReferrer(server_uri, referer_uri), + "http://foo.example.com/" + ); + prefs.setIntPref("network.http.referer.defaultPolicy", 3); + Assert.equal(getTestReferrer(server_uri, referer_uri), referer_uri); + Assert.equal(null, getTestReferrer(server_uri_2, referer_uri_https)); + + // tests for referer.defaultPolicy.pbmode + prefs.setIntPref("network.http.referer.defaultPolicy.pbmode", 0); + Assert.equal(null, getTestReferrer(server_uri, referer_uri, true)); + prefs.setIntPref("network.http.referer.defaultPolicy.pbmode", 1); + Assert.equal(null, getTestReferrer(server_uri, referer_uri, true)); + Assert.equal(getTestReferrer(server_uri, referer_uri_2, true), referer_uri_2); + prefs.setIntPref("network.http.referer.defaultPolicy.pbmode", 2); + Assert.equal(null, getTestReferrer(server_uri, referer_uri_https, true)); + Assert.equal( + getTestReferrer(server_uri_https, referer_uri_https, true), + referer_uri_https + ); + Assert.equal( + getTestReferrer(server_uri_https, referer_uri_2_https, true), + "https://bar.examplesite.com/" + ); + Assert.equal(getTestReferrer(server_uri, referer_uri_2, true), referer_uri_2); + Assert.equal( + getTestReferrer(server_uri, referer_uri, true), + "http://foo.example.com/" + ); + prefs.setIntPref("network.http.referer.defaultPolicy.pbmode", 3); + Assert.equal(getTestReferrer(server_uri, referer_uri, true), referer_uri); + Assert.equal(null, getTestReferrer(server_uri_2, referer_uri_https, true)); + + // tests for referer.spoofSource + prefs.setBoolPref("network.http.referer.spoofSource", true); + Assert.equal(getTestReferrer(server_uri, referer_uri), server_uri); + prefs.setBoolPref("network.http.referer.spoofSource", false); + Assert.equal(getTestReferrer(server_uri, referer_uri), referer_uri); + + // tests for referer.XOriginPolicy + prefs.setIntPref("network.http.referer.XOriginPolicy", 2); + Assert.equal(null, getTestReferrer(server_uri_2, referer_uri)); + Assert.equal(getTestReferrer(server_uri, referer_uri_2), referer_uri_2); + prefs.setIntPref("network.http.referer.XOriginPolicy", 1); + Assert.equal(getTestReferrer(server_uri_2, referer_uri), referer_uri); + Assert.equal(null, getTestReferrer(server_uri, referer_uri)); + // https test + Assert.equal( + getTestReferrer(server_uri_https, referer_uri_https), + referer_uri_https + ); + prefs.setIntPref("network.http.referer.XOriginPolicy", 0); + Assert.equal(getTestReferrer(server_uri, referer_uri), referer_uri); + + // tests for referer.trimmingPolicy + prefs.setIntPref("network.http.referer.trimmingPolicy", 1); + Assert.equal( + getTestReferrer(server_uri, referer_uri_2), + "http://bar.examplesite.com/path3" + ); + Assert.equal( + getTestReferrer(server_uri, referer_uri_idn), + "http://sub1.xn--lt-uia.example/path" + ); + prefs.setIntPref("network.http.referer.trimmingPolicy", 2); + Assert.equal( + getTestReferrer(server_uri, referer_uri_2), + "http://bar.examplesite.com/" + ); + Assert.equal( + getTestReferrer(server_uri, referer_uri_idn), + "http://sub1.xn--lt-uia.example/" + ); + // https test + Assert.equal( + getTestReferrer(server_uri_https, referer_uri_https), + "https://bar.example.com/" + ); + prefs.setIntPref("network.http.referer.trimmingPolicy", 0); + // test that anchor is lopped off in ordinary case + Assert.equal( + getTestReferrer(server_uri, referer_uri_2_anchor), + referer_uri_2 + ); + + // tests for referer.XOriginTrimmingPolicy + prefs.setIntPref("network.http.referer.XOriginTrimmingPolicy", 1); + Assert.equal( + getTestReferrer(server_uri, referer_uri), + "http://foo.example.com/path" + ); + Assert.equal( + getTestReferrer(server_uri, referer_uri_idn), + "http://sub1.xn--lt-uia.example/path" + ); + Assert.equal( + getTestReferrer(server_uri, referer_uri_2), + "http://bar.examplesite.com/path3?q=blah" + ); + prefs.setIntPref("network.http.referer.trimmingPolicy", 1); + Assert.equal( + getTestReferrer(server_uri, referer_uri_2), + "http://bar.examplesite.com/path3" + ); + prefs.setIntPref("network.http.referer.XOriginTrimmingPolicy", 2); + Assert.equal( + getTestReferrer(server_uri, referer_uri), + "http://foo.example.com/" + ); + Assert.equal( + getTestReferrer(server_uri, referer_uri_idn), + "http://sub1.xn--lt-uia.example/" + ); + Assert.equal( + getTestReferrer(server_uri, referer_uri_2), + "http://bar.examplesite.com/path3" + ); + prefs.setIntPref("network.http.referer.trimmingPolicy", 0); + Assert.equal( + getTestReferrer(server_uri, referer_uri_2), + "http://bar.examplesite.com/path3?q=blah" + ); + // https tests + Assert.equal( + getTestReferrer(server_uri_https, referer_uri_https), + "https://bar.example.com/path3?q=blah" + ); + Assert.equal( + getTestReferrer(server_uri_https, referer_uri_2_https), + "https://bar.examplesite.com/" + ); + prefs.setIntPref("network.http.referer.XOriginTrimmingPolicy", 0); + // test that anchor is lopped off in ordinary case + Assert.equal( + getTestReferrer(server_uri, referer_uri_2_anchor), + referer_uri_2 + ); + + // test referrer length limitation + // referer_uri's length is 27 and origin's length is 23 + prefs.setIntPref("network.http.referer.referrerLengthLimit", 27); + Assert.equal(getTestReferrer(server_uri, referer_uri), referer_uri); + prefs.setIntPref("network.http.referer.referrerLengthLimit", 26); + Assert.equal( + getTestReferrer(server_uri, referer_uri), + "http://foo.example.com/" + ); + prefs.setIntPref("network.http.referer.referrerLengthLimit", 22); + Assert.equal(getTestReferrer(server_uri, referer_uri), null); + prefs.setIntPref("network.http.referer.referrerLengthLimit", 0); + Assert.equal(getTestReferrer(server_uri, referer_uri), referer_uri); + prefs.setIntPref("network.http.referer.referrerLengthLimit", 4096); + Assert.equal(getTestReferrer(server_uri, referer_uri), referer_uri); + + // combination test: send spoofed path-only when hosts match + var combo_referer_uri = "http://blah.foo.com/path?q=hot"; + var dest_uri = "http://blah.foo.com:9999/spoofedpath?q=bad"; + prefs.setIntPref("network.http.referer.trimmingPolicy", 1); + prefs.setBoolPref("network.http.referer.spoofSource", true); + prefs.setIntPref("network.http.referer.XOriginPolicy", 2); + Assert.equal( + getTestReferrer(dest_uri, combo_referer_uri), + "http://blah.foo.com:9999/spoofedpath" + ); + Assert.equal( + null, + getTestReferrer(dest_uri, "http://gah.foo.com/anotherpath") + ); +} |