Bug 1502678 - Add an automated test to test referrer header is sent correctly in target=_blank and rel=noopener. r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D13236 --HG-- extra : moz-landing-system : lando
2018-11-30 14:19:12 +00:00 · 2018-11-30 14:19:12 +00:00 · 367c91d575
--- a/dom/base/test/chrome.ini
+++ b/dom/base/test/chrome.ini
@ -11,6 +11,8 @@ support-files =
  file_external_script.html
  file_external_script.xhtml
  file_script.js
+  referrer_helper.js
+  referrer_testserver.sjs
  mozbrowser_api_utils.js
  !/image/test/mochitest/shaver.png

@ -22,6 +24,7 @@ support-files =
 [test_bug945152.html]
 [test_bug1008126.html]
 [test_bug1016960.html]
+[test_anchor_target_blank_referrer.html]
 [test_copypaste.xul]
 subsuite = clipboard
 [test_domrequesthelper.xul]
--- a/dom/base/test/referrer_testserver.sjs
+++ b/dom/base/test/referrer_testserver.sjs
@ -18,9 +18,11 @@ const IMG_BYTES = atob(
  "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
  "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");

-function createTestUrl(aPolicy, aAction, aName, aType, aSchemeFrom, aSchemeTo, crossOrigin) {
+function createTestUrl(aPolicy, aAction, aName, aType, aSchemeFrom, aSchemeTo,
+                       crossOrigin, referrerPolicyHeader) {
  var schemeTo = aSchemeTo || "http";
  var schemeFrom = aSchemeFrom || "http";
+  var rpHeader = referrerPolicyHeader || "";
  var url = schemeTo + "://";
  url += (crossOrigin ? CROSS_ORIGIN_URL : BASE_URL);
  url +=
@ -28,6 +30,7 @@ function createTestUrl(aPolicy, aAction, aName, aType, aSchemeFrom, aSchemeTo, c
         "policy=" + aPolicy + "&" +
         "NAME=" + aName + "&" +
         "type=" + aType + "&" +
+         "RP_HEADER=" + rpHeader + "&" +
         "SCHEME_FROM=" + schemeFrom;
  return url;
  }
@ -129,6 +132,31 @@ function createAETestPageUsingRefferer(aMetaPolicy, aAttributePolicy, aNewAttrib
           </html>`;
 }

+// test page using anchor target=_blank rel=noopener
+function createTargetBlankRefferer(aMetaPolicy, aName, aSchemeFrom,
+                                   aSchemeTo, aRpHeader) {
+  var metaString = "";
+  if (aMetaPolicy) {
+    metaString = `<head><meta name="referrer" content="${aMetaPolicy}"></head>`;
+  }
+  var elementString = `<a href="${createTestUrl(aMetaPolicy, 'test', aName, 'link', aSchemeFrom, aSchemeTo, aRpHeader)}" target=_blank rel="noopener" id="link">link</a>`;
+
+  return `<!DOCTYPE HTML>
+           <html>
+             ${metaString}
+             <body>
+               ${elementString}
+               <script>
+                 window.addEventListener("load", function() {
+                   let link = document.getElementById("link");
+                   SpecialPowers.wrap(window).parent.postMessage("childLoadReady", "*");
+                   link.click();
+                 }.bind(window), false);
+               </script>
+             </body>
+           </html>`;
+}
+
 // creates test page with img that is a redirect
 function createRedirectImgTestCase(aParams, aAttributePolicy) {
  var metaString = "";
@ -243,8 +271,12 @@ function handleRequest(request, response) {
  var schemeFrom = params.get("SCHEME_FROM") || "http";
  var schemeTo = params.get("SCHEME_TO") || "http";
  var crossOrigin = params.get("CROSS_ORIGIN") || false;
+  var referrerPolicyHeader = params.get("RP_HEADER") || "";

  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  if (referrerPolicyHeader) {
+    response.setHeader("Referrer-Policy", referrerPolicyHeader, false);
+  }

  if (action === "resetState") {
    setSharedState(SHARED_KEY, "{}");
@ -372,6 +404,10 @@ function handleRequest(request, response) {
    response.write(_getAreaPage("property"));
    return;
  }
+  if (action === "generate-anchor-target-blank-policy-test") {
+    response.write(createTargetBlankRefferer(metaPolicy, name, schemeFrom, schemeTo, referrerPolicyHeader));
+    return;
+  }

  // iframe
  _getPage = createIframeTestPageUsingRefferer.bind(null, metaPolicy, attributePolicy, newAttributePolicy, name, "",
--- a/dom/base/test/test_anchor_target_blank_referrer.html
+++ b/dom/base/test/test_anchor_target_blank_referrer.html
@ -0,0 +1,135 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test anchor target=_blank rel=noopener referrer header for Bug 1502678</title>
+  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+
+  <!--
+  Testing that anchor referrer header are honoured correctly
+  * anchor tag with rel=noopener target=_blank
+  https://bugzilla.mozilla.org/show_bug.cgi?id=1502678
+  -->
+
+  <script type="application/javascript">
+  // We are going to open new tabs with target=_blank and rel=noopener
+  // Listen a new tab is opened then close the new tab, otherwise we will lose
+  // focus for the next tests
+  ChromeUtils.import("resource://gre/modules/Services.jsm");
+  ChromeUtils.import("resource://testing-common/BrowserTestUtils.jsm");
+  const gBrowser = Services.wm.getMostRecentWindow("navigator:browser").gBrowser;
+  window.addEventListener("message", function(event) {
+    if (event.data == "childLoadReady") {
+      BrowserTestUtils.waitForNewTab(gBrowser, null,
+        true).then(function(aNewTab) {
+          BrowserTestUtils.removeTab(aNewTab);
+          advance();
+        });
+    }
+  });
+
+  const SJS = "://example.com/tests/dom/base/test/referrer_testserver.sjs?";
+  const PARAMS = ["RP_HEADER", "META_POLICY", "REL", "SCHEME_FROM", "SCHEME_TO"];
+
+  const testCases = [
+    {ACTION: ["generate-anchor-target-blank-policy-test"],
+      TESTS: [
+        // Referrer policy is set in meta
+        {NAME: 'origin-in-meta-rel-noopener',
+         META_POLICY: 'origin',
+         DESC: "origin in meta and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'origin'},
+        {NAME: 'unsafe-url-in-meta-rel-noopener',
+         META_POLICY: 'unsafe-url',
+         DESC: "unsafe-url in meta and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'full'},
+        {NAME: 'no-referrer-in-meta-rel-noopener',
+         META_POLICY: 'no-referrer',
+         DESC: "no-referrer in meta and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'none'},
+        {NAME: 'strict-origin-in-meta-rel-noopener',
+         META_POLICY: 'strict-origin',
+         DESC: "strict-origin in meta and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'none'},
+        {NAME: 'strict-origin-when-cross-origin-in-meta-rel-noopener',
+         META_POLICY: 'strict-origin-when-cross-origin',
+         DESC: "strict-origin-when-cross-origin in meta and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'none'},
+        {NAME: 'same-origin-in-meta-rel-noopener',
+         META_POLICY: 'same-origin',
+         DESC: "same-origin in meta and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'none'},
+        {NAME: 'no-meta-rel-noopener',
+         META_POLICY: '',
+         DESC: "no meta and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'none'},
+
+        // Referrer policy is set in Referrer-Policy Header
+        {NAME: 'origin-in-referrer-policy-header-rel-noopener',
+         RP_HEADER: 'origin',
+         DESC: "origin in Referrer-Policy Header and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'origin'},
+        {NAME: 'unsafe-url-in-referrer-policy-header-rel-noopener',
+         RP_HEADER: 'unsafe-url',
+         DESC: "unsafe-url in Referrer-Policy Header and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'full'},
+        {NAME: 'no-referrer-in-referrer-policy-header-rel-noopener',
+         RP_HEADER: 'no-referrer',
+         DESC: "no-referrer in Referrer-Policy Header and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'none'},
+        {NAME: 'strict-origin-in-referrer-policy-header-rel-noopener',
+         RP_HEADER: 'strict-origin',
+         DESC: "strict-origin in Referrer-Policy Header and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'none'},
+        {NAME: 'strict-origin-when-cross-origin-in-referrer-policy-header-rel-noopener',
+         RP_HEADER: 'strict-origin-when-cross-origin',
+         DESC: "strict-origin-when-cross-origin in Referrer-Policy Header and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'none'},
+        {NAME: 'same-origin-in-referrer-policy-header-rel-noopener',
+         RP_HEADER: 'same-origin',
+         DESC: "same-origin in Referrer-Policy Header and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'none'},
+        {NAME: 'no-referrer-policy-header-rel-noopener',
+         RP_HEADER: '',
+         DESC: "no Referrer-Policy Header and rel=noopener",
+         SCHEME_FROM: 'https',
+         SCHEME_TO: 'http',
+         RESULT: 'none'}
+
+      ]}
+  ];
+  </script>
+  <script type="application/javascript" src="referrer_helper.js"></script>
+</head>
+<body onload="tests.next();">
+  <iframe id="testframe"></iframe>
+</body>
+</html>
+