summaryrefslogtreecommitdiffstats
path: root/dom/security/test/referrer-policy/test_referrer_redirect.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/referrer-policy/test_referrer_redirect.html')
-rw-r--r--dom/security/test/referrer-policy/test_referrer_redirect.html171
1 files changed, 171 insertions, 0 deletions
diff --git a/dom/security/test/referrer-policy/test_referrer_redirect.html b/dom/security/test/referrer-policy/test_referrer_redirect.html
new file mode 100644
index 0000000000..df7a75a19c
--- /dev/null
+++ b/dom/security/test/referrer-policy/test_referrer_redirect.html
@@ -0,0 +1,171 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <meta charset="utf-8">
+ <title>Test anchor and area policy attribute for Bug 1184781</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+
+ <!--
+ Testing referrer headers after redirects.
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1184781
+ -->
+
+ <script type="application/javascript">
+
+ const SJS = "://example.com/tests/dom/security/test/referrer-policy/referrer_testserver.sjs?";
+ const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY", "RP_HEADER", "HSTS"];
+
+ const testCases = [
+ {ACTION: ["generate-img-redirect-policy-test", "generate-iframe-redirect-policy-test"],
+ TESTS: [
+ {
+ ATTRIBUTE_POLICY: "no-referrer",
+ NAME: "no-referrer-with-no-meta",
+ DESC: "no-referrer (img/iframe) with no meta",
+ RESULT: "none"
+ },
+ {
+ ATTRIBUTE_POLICY: "origin",
+ NAME: "origin-with-no-meta",
+ DESC: "origin (img/iframe) with no meta",
+ RESULT: "origin"
+ },
+ {
+ ATTRIBUTE_POLICY: "unsafe-url",
+ NAME: "unsafe-url-with-no-meta",
+ DESC: "unsafe-url (img/iframe) with no meta",
+ RESULT: "full"
+ },
+ {
+ META_POLICY: "unsafe-url",
+ NAME: "unsafe-url-in-meta",
+ DESC: "unsafe-url in meta",
+ RESULT: "full"
+ },
+ {
+ META_POLICY: "origin",
+ NAME: "origin-in-meta",
+ DESC: "origin in meta",
+ RESULT: "origin"
+ },
+ {
+ META_POLICY: "no-referrer",
+ NAME: "no-referrer-in-meta",
+ DESC: "no-referrer in meta",
+ RESULT: "none"
+ },
+ {
+ META_POLICY: "origin-when-cross-origin",
+ NAME: "origin-when-cross-origin-in-meta",
+ DESC: "origin-when-cross-origin in meta",
+ RESULT: "origin"
+ },
+ {
+ ATTRIBUTE_POLICY: "no-referrer",
+ RP_HEADER: "origin",
+ NAME: "no-referrer-with-no-meta-origin-RP-header",
+ DESC: "no-referrer (img/iframe) with no meta, origin Referrer-Policy redirect header",
+ RESULT: "none"
+ },
+ {
+ ATTRIBUTE_POLICY: "origin",
+ RP_HEADER: "no-referrer",
+ NAME: "origin-with-no-meta-no-referrer-RP-header",
+ DESC: "origin (img/iframe) with no meta, no-referrer Referrer-Policy redirect header",
+ RESULT: "none"
+ },
+ {
+ ATTRIBUTE_POLICY: "unsafe-url",
+ RP_HEADER: "origin",
+ NAME: "unsafe-url-with-no-meta-origin-RP-header",
+ DESC: "unsafe-url (img/iframe) with no meta, origin Referrer-Policy redirect header",
+ RESULT: "origin"
+ },
+ {
+ META_POLICY: "unsafe-url",
+ RP_HEADER: "origin",
+ NAME: "unsafe-url-in-meta-origin-RP-header",
+ DESC: "unsafe-url in meta, origin Referrer-Policy redirect header",
+ RESULT: "origin"
+ },
+ {
+ META_POLICY: "origin",
+ RP_HEADER: "no-referrer",
+ NAME: "origin-in-meta-no-referrer-RP-header",
+ DESC: "origin in meta, no-referrer Referrer-Policy redirect header",
+ RESULT: "none"
+ },
+ {
+ META_POLICY: "no-referrer",
+ RP_HEADER: "origin",
+ NAME: "no-referrer-in-meta-origin-RP-header",
+ DESC: "no-referrer in meta, origin Referrer-Policy redirect header",
+ RESULT: "none"
+ },
+ {
+ META_POLICY: "origin-when-cross-origin",
+ RP_HEADER: "unsafe-url",
+ NAME: "origin-when-cross-origin-in-meta-unsafe-url-RP-header",
+ DESC: "origin-when-cross-origin in meta, unsafe-url Referrer-Policy redirect header",
+ RESULT: "origin"
+ }
+ ]
+ },
+ // Check that "internal" redirects for mixed content upgrading
+ // are invisible, but not for HSTS upgrades (Bug 1857894).
+ {
+ ACTION: ["generate-img-policy-test"],
+ PREFS: [
+ ["security.mixed_content.upgrade_display_content", true],
+ ["security.mixed_content.upgrade_display_content.image", true],
+ ],
+ TESTS: [
+ {
+ META_POLICY: "strict-origin",
+ NAME: "img-strict-origin-mixed-content-upgrade",
+ DESC: "img-strict-origin-mixed-content-upgrade",
+ SCHEME_FROM: "https",
+ RESULT: "other-origin",
+ },
+ ]
+ },
+ {
+ ACTION: ["generate-img-policy-test"],
+ PREFS: [["security.mixed_content.upgrade_display_content", false]],
+ TESTS: [
+ {
+ META_POLICY: "strict-origin",
+ NAME: "img-strict-origin-mixed-content-no-upgrade",
+ DESC: "img-strict-origin-mixed-content-no-upgrade",
+ SCHEME_FROM: "https",
+ RESULT: "none",
+ },
+ ]
+ },
+ {
+ ACTION: ["generate-img-policy-test"],
+ PREFS: [
+ ["security.mixed_content.upgrade_display_content", false],
+ ["network.stricttransportsecurity.preloadlist", true],
+ ],
+ TESTS: [
+ {
+ META_POLICY: "strict-origin",
+ NAME: "img-strict-origin-hsts-upgrade",
+ DESC: "img-strict-origin-hsts-upgrade",
+ SCHEME_FROM: "https",
+ RESULT: "none",
+ HSTS: true,
+ },
+ ]
+ }
+ ];
+ </script>
+ <script type="application/javascript" src="/tests/dom/security/test/referrer-policy/referrer_helper.js"></script>
+</head>
+<body onload="tests.next();">
+ <iframe id="testframe"></iframe>
+</body>
+</html>
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-16 20:22:39 +0000