Closed Bug 1184781 Opened 9 years ago Closed 8 years ago

Additional referrer policy tests

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: franziskus, Assigned: franziskus)

References

(Depends on 1 open bug)

Details

(Whiteboard: tpe-seceng)

Attachments

(1 file, 1 obsolete file)

testing img and iframe referrer on redirect delivered with meta or attribute
16.96 KB, patch
franziskus
: review+
Details | Diff | Splinter Review 
More tests for referrer policies [1].

[1] https://w3c.github.io/webappsec/specs/referrer-policy/
this requires src and tests from bug 1175736 and bug 1174913
Attachment #8636197 - Flags: review?(mozilla)
Assignee: nobody → franziskuskiefer
Comment on attachment 8636197 [details] [diff] [review]
testing img and iframe referrer on redirect delivered with meta or attribute

Review of attachment 8636197 [details] [diff] [review]:
-----------------------------------------------------------------

r=me, but consider what I've suggested about https in regards of B2g (see comment further down).

::: dom/base/test/referrer_testserver.sjs
@@ +7,5 @@
>  Components.utils.importGlobalProperties(["URLSearchParams"]);
> +const SJS = 'referrer_testserver.sjs?';
> +const BASE_URL = 'example.com/tests/dom/base/test/' + SJS;
> +const SAME_ORIGIN = 'mochi.test:8888/tests/dom/base/test/' + SJS;
> +const OTHER_ORIGIN = 'test1.example.com/tests/dom/base/test/' + SJS;

nit: CROSS_ORIGIN

@@ +185,5 @@
> +    // 302 found, 301 Moved Permanently, 303 See Other, 307 Temporary Redirect
> +    response.setStatusLine('1.1', 302, 'found');
> +    response.setHeader('Location',  scheme + "://" + OTHER_ORIGIN + params.toString(), false);
> +    return;
> +  }

Nit: sometimes you use single quotes, sometimes double quotes when you compare the action against the string literal, please be consistent.

::: dom/base/test/test_referrer_redirect.html
@@ +12,5 @@
> +  -->
> +
> +  <script type="application/javascript;version=1.8">
> +
> +  const sjs = "/tests/dom/base/test/referrer_testserver.sjs?";

why is sjs lower case and all other consts are uppercase?

@@ +33,5 @@
> +        {ATTRIBUTE_POLICY: 'no-referrer',
> +         NAME: 'no-referrer-with-no-meta',
> +         DESC: "no-referrer (img/iframe) with no meta",
> +         RESULT: 'none',
> +         SCHEME: 'http'},

Looks good, but please use curly braces on their own lines:
{
  ATTRIBUTE_POLICY: 'no-referrer',
  NAME: 'no-referrer-with-no-meta',
  DESC: "no-referrer (img/iframe) with no meta",
  RESULT: 'none',
  SCHEME: 'http'
},
{
  bla bla bla

@@ +38,5 @@
> +        {ATTRIBUTE_POLICY: 'no-referrer',
> +         NAME: 'no-referrer-with-no-meta',
> +         DESC: "no-referrer (img/iframe) with no meta",
> +         RESULT: 'none',
> +         SCHEME: 'https'},

Does https work on B2G now? Otherwise you would have to disable that test on some platforms. I wouldn't mind if you just remove the https tests, should have enough test coverage without the different schemes. I'd prefer to have some redirect tests working on B2G then having all of them disabled. Up to you though!
Attachment #8636197 - Flags: review?(mozilla) → review+
Keywords: checkin-needed, leave-open
Summary: referrer policy tests → Additional referrer policy tests
Whiteboard: tpe-seceng
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Removing leave-open keyword from resolved bugs, per :sylvestre.
Keywords: leave-open
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: