diff options
Diffstat (limited to 'dom/base/test/test_iframe_referrer.html')
-rw-r--r-- | dom/base/test/test_iframe_referrer.html | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/dom/base/test/test_iframe_referrer.html b/dom/base/test/test_iframe_referrer.html new file mode 100644 index 0000000000..17f0e915e7 --- /dev/null +++ b/dom/base/test/test_iframe_referrer.html @@ -0,0 +1,107 @@ +<!DOCTYPE HTML> +<html> +<head> + <meta charset="utf-8"> + <title>Test iframe referrer policy attribute for Bug 1175736</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> + + <!-- + Testing that iframe referrer attribute is honoured correctly + * regular loads + * regression tests that meta referrer is still working even if attribute referrers are enabled + https://bugzilla.mozilla.org/show_bug.cgi?id=1175736 + --> + + <script type="application/javascript"> + + const SJS = "://example.com/tests/dom/base/test/referrer_testserver.sjs?"; + const PARAMS = ["ATTRIBUTE_POLICY", "NEW_ATTRIBUTE_POLICY", "META_POLICY", "SCHEME_FROM", "SCHEME_TO"]; + + const testCases = [ + {ACTION: ["generate-iframe-policy-test"], + TESTS: [ + {ATTRIBUTE_POLICY: 'unsafe-url', + NAME: 'unsafe-url-with-origin-in-meta', + META_POLICY: 'origin', + DESC: "unsafe-url (iframe) with origin in meta", + RESULT: 'full'}, + {ATTRIBUTE_POLICY: 'origin', + NAME: 'origin-with-unsafe-url-in-meta', + META_POLICY: 'unsafe-url', + DESC: "origin (iframe) with unsafe-url in meta", + RESULT: 'origin'}, + {ATTRIBUTE_POLICY: 'no-referrer', + NAME: 'no-referrer-with-origin-in-meta', + META_POLICY: 'origin', + DESC: "no-referrer (iframe) with origin in meta", + RESULT: 'none'}, + {NAME: 'no-referrer-in-meta', + META_POLICY: 'no-referrer', + DESC: "no-referrer in meta", + RESULT: 'none'}, + {ATTRIBUTE_POLICY: 'origin', + NAME: 'origin-with-no-meta', + META_POLICY: '', + DESC: "origin (iframe) with no meta", + RESULT: 'origin'}, + {ATTRIBUTE_POLICY: 'same-origin', + NAME: 'same-origin-with-origin-in-meta', + META_POLICY: 'origin', + DESC: "same-origin with origin in meta", + RESULT: 'full'}, + + // 1. Downgrade. + {ATTRIBUTE_POLICY: 'strict-origin', + NAME: 'origin-in-meta-strict-origin-in-attr', + META_POLICY: 'origin', + DESC: 'origin in meta strict-origin in attr', + SCHEME_FROM: 'https', + SCHEME_TO: 'http', + RESULT: 'none'}, + {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', + NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr', + META_POLICY: 'origin', + DESC: 'origin in meta strict-origin-when-cross-origin in attr', + SCHEME_FROM: 'https', + SCHEME_TO: 'http', + RESULT: 'none'}, + + // 2. No downgrade. + {ATTRIBUTE_POLICY: 'strict-origin', + NAME: 'origin-in-meta-strict-origin-in-attr', + META_POLICY: 'origin', + DESC: 'origin in meta strict-origin in attr', + SCHEME_FROM: 'https', + SCHEME_TO: 'https', + RESULT: 'origin'}, + {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', + NAME: 'origin-in-meta-strict-origin-when-cross-origin-in-attr', + META_POLICY: 'origin', + DESC: 'origin in meta strict-origin-when-cross-origin in attr', + SCHEME_FROM: 'https', + SCHEME_TO: 'https', + RESULT: 'full'}, + {ATTRIBUTE_POLICY: 'strict-origin-when-cross-origin', + NAME: 'strict-origin-when-cross-origin-with-origin-in-meta', + META_POLICY: 'origin', + SCHEME_FROM: 'http', + SCHEME_TO: 'https', + DESC: "strict-origin-when-cross-origin with origin in meta", + RESULT: 'origin'}, + {ATTRIBUTE_POLICY: 'same-origin', + NAME: 'same-origin-with-origin-in-meta', + META_POLICY: 'origin', + SCHEME_FROM: 'http', + SCHEME_TO: 'https', + DESC: "same-origin with origin in meta", + RESULT: 'none'}, + ]} + ]; + </script> + <script type="application/javascript" src="/tests/dom/base/test/referrer_helper.js"></script> +</head> +<body onload="tests.next();"> + <iframe id="testframe"></iframe> +</body> +</html> |