<!DOCTYPE HTML> <html> <head> <meta charset="utf-8"> <title>Test preload referrer policy for Bug 1399780</title> <script src="/tests/SimpleTest/SimpleTest.js"></script> <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> <!-- Testing that link referrer attributes are honoured correctly for rel=preload https://bugzilla.mozilla.org/show_bug.cgi?id=1399780 --> <script type="application/javascript"> const SJS = "://example.com/tests/dom/base/test/referrer_testserver.sjs?"; const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY", "REL", "SCHEME_FROM", "SCHEME_TO"]; const testCases = [ {ACTION: ["generate-link-policy-test"], PREFS: [ ["dom.security.https_first", false], ["security.mixed_content.upgrade_display_content", false] ], TESTS: [ {ATTRIBUTE_POLICY: 'unsafe-url', NAME: 'preload-unsafe-url-with-origin-in-meta', META_POLICY: 'origin', REL: 'preload', DESC: "preload-unsafe-url with origin in meta", RESULT: 'full'}, {ATTRIBUTE_POLICY: 'origin', NAME: 'preload-origin-with-unsafe-url-in-meta', META_POLICY: 'unsafe-url', REL: 'preload', DESC: "preload-origin with unsafe-url in meta", RESULT: 'origin'}, {ATTRIBUTE_POLICY: 'no-referrer', NAME: 'preload-no-referrer-with-origin-in-meta', META_POLICY: 'origin', REL: 'preload', DESC: "preload-no-referrer with origin in meta", RESULT: 'none'}, {ATTRIBUTE_POLICY: 'same-origin', NAME: 'preload-same-origin-with-origin-in-meta', META_POLICY: 'origin', REL: 'preload', DESC: "preload-same-origin with origin in meta", RESULT: 'full'}, {NAME: 'preload-no-referrer-in-meta', META_POLICY: 'no-referrer', REL: 'preload', DESC: "preload-no-referrer in meta", RESULT: 'none'}, // Downgrade. {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade', NAME: 'preload-origin-in-meta-downgrade-in-attr', META_POLICY: 'origin', DESC: 'preload-origin in meta downgrade in attr', REL: 'preload', SCHEME_FROM: 'https', SCHEME_TO: 'http', RESULT: 'none'}, {ATTRIBUTE_POLICY: 'strict-origin', NAME: 'preload-origin-in-meta-strict-origin-in-attr', META_POLICY: 'origin', DESC: 'preload-origin in meta strict-origin in attr', REL: 'preload', SCHEME_FROM: 'https', SCHEME_TO: 'http', RESULT: 'none'}, {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', NAME: 'preload-origin-in-meta-strict-origin-when-cross-origin-in-attr', META_POLICY: 'origin', DESC: 'preload-origin in meta strict-origin-when-cross-origin in attr', REL: 'preload', SCHEME_FROM: 'https', SCHEME_TO: 'http', RESULT: 'none'}, // No downgrade. {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade', NAME: 'preload-origin-in-meta-downgrade-in-attr', META_POLICY: 'origin', DESC: 'preload-origin in meta downgrade in attr', REL: 'preload', SCHEME_FROM: 'https', SCHEME_TO: 'https', RESULT: 'full'}, {ATTRIBUTE_POLICY: 'origin', NAME: 'preload-origin-with-no-meta', META_POLICY: '', REL: 'preload', DESC: "preload-origin with no meta", RESULT: 'origin'}, {ATTRIBUTE_POLICY: 'strict-origin', NAME: 'preload-origin-in-meta-strict-origin-in-attr', META_POLICY: 'origin', DESC: 'preload-origin in meta strict-origin in attr', REL: 'preload', SCHEME_FROM: 'https', SCHEME_TO: 'https', RESULT: 'origin'}, {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', NAME: 'preload-origin-in-meta-strict-origin-when-cross-origin-in-attr', META_POLICY: 'origin', DESC: 'preload-origin in meta strict-origin-when-cross-origin in attr', REL: 'preload', SCHEME_FROM: 'https', SCHEME_TO: 'https', RESULT: 'full'}, // Cross origin {ATTRIBUTE_POLICY: 'origin-when-cross-origin', NAME: 'preload-origin-when-cross-origin-with-no-meta', META_POLICY: '', SCHEME_FROM: 'https', SCHEME_TO: 'http', REL: 'preload', DESC: "preload-origin-when-cross-origin with no meta", RESULT: 'origin'}, {ATTRIBUTE_POLICY: 'origin-when-cross-origin', NAME: 'preload-origin-when-cross-origin-with-no-referrer-in-meta', META_POLICY: 'no-referrer', SCHEME_FROM: 'https', SCHEME_TO: 'http', REL: 'preload', DESC: "preload-origin-when-cross-origin with no-referrer in meta", RESULT: 'origin'}, {ATTRIBUTE_POLICY: 'origin-when-cross-origin', NAME: 'preload-origin-when-cross-origin-with-unsafe-url-in-meta', META_POLICY: 'unsafe-url', SCHEME_FROM: 'https', SCHEME_TO: 'http', REL: 'preload', DESC: "preload-origin-when-cross-origin with unsafe-url in meta", RESULT: 'origin'}, {ATTRIBUTE_POLICY: 'origin-when-cross-origin', NAME: 'preload-origin-when-cross-origin-with-origin-in-meta', META_POLICY: 'origin', SCHEME_FROM: 'https', SCHEME_TO: 'http', REL: 'preload', DESC: "preload-origin-when-cross-origin with origin in meta", RESULT: 'origin'}, {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', NAME: 'preload-strict-origin-when-cross-origin-with-origin-in-meta', META_POLICY: 'origin', SCHEME_FROM: 'http', SCHEME_TO: 'https', REL: 'preload', DESC: "preload-strict-origin-when-cross-origin with origin in meta", RESULT: 'origin'}, {ATTRIBUTE_POLICY: 'same-origin', NAME: 'preload-same-origin-with-origin-in-meta', META_POLICY: 'origin', SCHEME_FROM: 'http', SCHEME_TO: 'https', REL: 'preload', DESC: "preload-same-origin with origin in meta", RESULT: 'none'}, // Invalid {ATTRIBUTE_POLICY: 'default', NAME: 'preload-default-with-no-meta', META_POLICY: '', REL: 'preload', DESC: "preload-default with no meta", RESULT: 'full'}, {ATTRIBUTE_POLICY: 'something', NAME: 'preload-something-with-no-meta', META_POLICY: '', REL: 'preload', DESC: "preload-something with no meta", RESULT: 'full'}, ]}, {ACTION: ["generate-link-policy-test-set-attribute"], TESTS: [ {ATTRIBUTE_POLICY: 'unsafe-url', NEW_ATTRIBUTE_POLICY: 'no-referrer', NAME: 'preload-no-referrer-unsafe-url-set-attribute-with-origin-in-meta', META_POLICY: 'origin', REL: 'preload', DESC: "preload-no-referrer-set-attribute (orginally unsafe-url) with origin in meta", RESULT: 'none'}, {ATTRIBUTE_POLICY: 'origin', NEW_ATTRIBUTE_POLICY: 'unsafe-url', NAME: 'preload-unsafe-url-origin-set-attribute-with-no-referrer-in-meta', META_POLICY: 'no-referrer', REL: 'preload', DESC: "preload-unsafe-url-set-attribute(orginally origin) with no-referrer in meta", RESULT: 'full'}, ]}, {ACTION: ["generate-link-policy-test-property"], TESTS: [ {ATTRIBUTE_POLICY: 'no-referrer', NEW_ATTRIBUTE_POLICY: 'unsafe-url', NAME: 'preload-unsafe-url-no-referrer-property-with-origin-in-meta', META_POLICY: 'origin', REL: 'preload', DESC: "preload-unsafe-url-property (orginally no-referrer) with origin in meta", RESULT: 'full'}, {ATTRIBUTE_POLICY: 'origin', NEW_ATTRIBUTE_POLICY: 'unsafe-url', NAME: 'preload-unsafe-url-origin-property-with-no-referrer-in-meta', META_POLICY: 'no-referrer', REL: 'preload', DESC: "preload-unsafe-url-property (orginally origin) with no-referrer in meta", RESULT: 'full'}, ]}, { // All previos tests with SCHEME_FROM: 'https' and SCHEME_TO: 'http', // this time with mixed content upgrading enabled. ACTION: ["generate-link-policy-test"], PREFS: [ ["dom.security.https_first", false], ["security.mixed_content.upgrade_display_content", true], ["security.mixed_content.upgrade_display_content.image", true], ], TESTS: [ // Downgrade. {ATTRIBUTE_POLICY: 'no-referrer-when-downgrade', NAME: 'preload-origin-in-meta-downgrade-in-attr-upgraded', META_POLICY: 'origin', DESC: 'preload-origin in meta downgrade in attr (upgraded)', REL: 'preload', SCHEME_FROM: 'https', SCHEME_TO: 'http', RESULT: 'full'}, {ATTRIBUTE_POLICY: 'strict-origin', NAME: 'preload-origin-in-meta-strict-origin-in-attr-upgraded', META_POLICY: 'origin', DESC: 'preload-origin in meta strict-origin in attr (upgraded)', REL: 'preload', SCHEME_FROM: 'https', SCHEME_TO: 'http', RESULT: 'origin'}, {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', NAME: 'preload-origin-in-meta-strict-origin-when-cross-origin-in-attr-upgraded', META_POLICY: 'origin', DESC: 'preload-origin in meta strict-origin-when-cross-origin in attr (upgraded)', REL: 'preload', SCHEME_FROM: 'https', SCHEME_TO: 'http', RESULT: 'full'}, // Cross origin {ATTRIBUTE_POLICY: 'origin-when-cross-origin', NAME: 'preload-origin-when-cross-origin-with-no-meta-upgraded', META_POLICY: '', SCHEME_FROM: 'https', SCHEME_TO: 'http', REL: 'preload', DESC: "preload-origin-when-cross-origin with no meta (upgraded)", RESULT: 'full'}, {ATTRIBUTE_POLICY: 'origin-when-cross-origin', NAME: 'preload-origin-when-cross-origin-with-no-referrer-in-meta-upgraded', META_POLICY: 'no-referrer', SCHEME_FROM: 'https', SCHEME_TO: 'http', REL: 'preload', DESC: "preload-origin-when-cross-origin with no-referrer in meta (upgraded)", RESULT: 'full'}, {ATTRIBUTE_POLICY: 'origin-when-cross-origin', NAME: 'preload-origin-when-cross-origin-with-unsafe-url-in-meta-upgraded-upgraded', META_POLICY: 'unsafe-url', SCHEME_FROM: 'https', SCHEME_TO: 'http', REL: 'preload', DESC: "preload-origin-when-cross-origin with unsafe-url in meta (upgraded)", RESULT: 'full'}, {ATTRIBUTE_POLICY: 'origin-when-cross-origin', NAME: 'preload-origin-when-cross-origin-with-origin-in-meta-upgraded-upgraded', META_POLICY: 'origin', SCHEME_FROM: 'https', SCHEME_TO: 'http', REL: 'preload', DESC: "preload-origin-when-cross-origin with origin in meta (upgraded)", RESULT: 'full'}, ] } ]; </script> <script type="application/javascript" src="/tests/dom/base/test/referrer_helper.js"></script> </head> <body onload="tests.next();"> <iframe id="testframe"></iframe> </body> </html>