1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
// META: timeout=long
// META: script=/common/utils.js
// META: script=../resources/utils.js
// META: script=/common/get-host-info.sub.js
function getExpectation(expectations, init, initScenario, redirectPolicy, redirectScenario) {
let policies = [
expectations[initPolicy][initScenario],
expectations[redirectPolicy][redirectScenario]
];
if (policies.includes("omitted")) {
return null;
} else if (policies.includes("origin")) {
return referrerOrigin;
} else {
// "stripped-referrer"
return referrerUrl;
}
}
function testReferrerAfterRedirection(desc, redirectUrl, redirectLocation, referrerPolicy, redirectReferrerPolicy, expectedReferrer) {
var url = redirectUrl;
var urlParameters = "?location=" + encodeURIComponent(redirectLocation);
var description = desc + ", " + referrerPolicy + " init, " + redirectReferrerPolicy + " redirect header ";
if (redirectReferrerPolicy)
urlParameters += "&redirect_referrerpolicy=" + redirectReferrerPolicy;
var requestInit = {"redirect": "follow", "referrerPolicy": referrerPolicy};
promise_test(function(test) {
return fetch(url + urlParameters, requestInit).then(function(response) {
assert_equals(response.status, 200, "Inspect header response's status is 200");
assert_equals(response.headers.get("x-request-referer"), expectedReferrer ? expectedReferrer : null, "Check referrer header");
});
}, description);
}
var referrerOrigin = get_host_info().HTTP_ORIGIN + "/";
var referrerUrl = location.href;
var redirectUrl = RESOURCES_DIR + "redirect.py";
var locationUrl = get_host_info().HTTP_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "inspect-headers.py?headers=referer";
var crossLocationUrl = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "inspect-headers.py?cors&headers=referer";
var expectations = {
"no-referrer": {
"same-origin": "omitted",
"cross-origin": "omitted"
},
"no-referrer-when-downgrade": {
"same-origin": "stripped-referrer",
"cross-origin": "stripped-referrer"
},
"origin": {
"same-origin": "origin",
"cross-origin": "origin"
},
"origin-when-cross-origin": {
"same-origin": "stripped-referrer",
"cross-origin": "origin",
},
"same-origin": {
"same-origin": "stripped-referrer",
"cross-origin": "omitted"
},
"strict-origin": {
"same-origin": "origin",
"cross-origin": "origin"
},
"strict-origin-when-cross-origin": {
"same-origin": "stripped-referrer",
"cross-origin": "origin"
},
"unsafe-url": {
"same-origin": "stripped-referrer",
"cross-origin": "stripped-referrer"
}
};
for (var initPolicy in expectations) {
for (var redirectPolicy in expectations) {
// Redirect to same-origin URL
testReferrerAfterRedirection(
"Same origin redirection",
redirectUrl,
locationUrl,
initPolicy,
redirectPolicy,
getExpectation(expectations, initPolicy, "same-origin", redirectPolicy, "same-origin"));
// Redirect to cross-origin URL
testReferrerAfterRedirection(
"Cross origin redirection",
redirectUrl,
crossLocationUrl,
initPolicy,
redirectPolicy,
getExpectation(expectations, initPolicy, "same-origin", redirectPolicy, "cross-origin"));
}
}
done();
|
