Bug 1192940 - Support referrer policy in sendBeacon r=Ehsan

MozReview-Commit-ID: FEyqInOkiT6

--HG--
extra : rebase_source : 573e9b2c9ae906f7b75983c4cc4edcea7cfeff92
This commit is contained in:
Thomas Nguyen 2017-03-17 11:53:16 +08:00
Родитель 9f8808666b
Коммит 7c3117165a
17 изменённых файлов: 343 добавлений и 10 удалений

Просмотреть файл

@ -1213,7 +1213,8 @@ Navigator::SendBeaconInternal(const nsAString& aUrl,
aRv.Throw(NS_ERROR_DOM_BAD_URI);
return false;
}
rv = httpChannel->SetReferrer(documentURI);
mozilla::net::ReferrerPolicy referrerPolicy = doc->GetReferrerPolicy();
rv = httpChannel->SetReferrerWithPolicy(documentURI, referrerPolicy);
MOZ_ASSERT(NS_SUCCEEDED(rv));
nsCOMPtr<nsIInputStream> in;

Просмотреть файл

@ -17754,6 +17754,16 @@
{}
]
],
"beacon/headers/header-referrer.js": [
[
{}
]
],
"beacon/resources/inspect-header.py": [
[
{}
]
],
"bluetooth/bluetooth-helpers.js": [
[
{}
@ -81799,6 +81809,54 @@
{}
]
],
"beacon/headers/header-referrer-no-referrer-when-downgrade.https.html": [
[
"/beacon/headers/header-referrer-no-referrer-when-downgrade.https.html",
{}
]
],
"beacon/headers/header-referrer-no-referrer.html": [
[
"/beacon/headers/header-referrer-no-referrer.html",
{}
]
],
"beacon/headers/header-referrer-origin-when-cross-origin.html": [
[
"/beacon/headers/header-referrer-origin-when-cross-origin.html",
{}
]
],
"beacon/headers/header-referrer-origin.html": [
[
"/beacon/headers/header-referrer-origin.html",
{}
]
],
"beacon/headers/header-referrer-same-origin.html": [
[
"/beacon/headers/header-referrer-same-origin.html",
{}
]
],
"beacon/headers/header-referrer-strict-origin-when-cross-origin.https.html": [
[
"/beacon/headers/header-referrer-strict-origin-when-cross-origin.https.html",
{}
]
],
"beacon/headers/header-referrer-strict-origin.https.html": [
[
"/beacon/headers/header-referrer-strict-origin.https.html",
{}
]
],
"beacon/headers/header-referrer-unsafe-url.https.html": [
[
"/beacon/headers/header-referrer-unsafe-url.https.html",
{}
]
],
"clear-site-data/navigation.html": [
[
"/clear-site-data/navigation.html",
@ -139552,6 +139610,46 @@
"61b61d09a21daee964e0ebd26f7bdfdd1964c8ae",
"support"
],
"beacon/headers/header-referrer-no-referrer-when-downgrade.https.html": [
"273c7d0110d5efc9fac0029cd257256894d3eb4b",
"testharness"
],
"beacon/headers/header-referrer-no-referrer.html": [
"26a0a9453b36efbadb05c8185efe7f9a0d9d54c9",
"testharness"
],
"beacon/headers/header-referrer-origin-when-cross-origin.html": [
"9633758fe59279cfe93333989d26c017f59ab2ac",
"testharness"
],
"beacon/headers/header-referrer-origin.html": [
"1329850363c327533f50e509c6a48f6e4b1ed4bb",
"testharness"
],
"beacon/headers/header-referrer-same-origin.html": [
"9701f2f0a83c6eeefe781d7de2c0cdbcff38b58e",
"testharness"
],
"beacon/headers/header-referrer-strict-origin-when-cross-origin.https.html": [
"79b4a278f0e35646cfdffeebf8f0523e2772bc9b",
"testharness"
],
"beacon/headers/header-referrer-strict-origin.https.html": [
"295ef746c475fca0ae8b492375a48948b4ea19c3",
"testharness"
],
"beacon/headers/header-referrer-unsafe-url.https.html": [
"a7b6e697be165124ed5d6846335c8d3a38ee98f5",
"testharness"
],
"beacon/headers/header-referrer.js": [
"1836174ce84714c39333a4cf863ec994ed70ff93",
"support"
],
"beacon/resources/inspect-header.py": [
"e70503e7fb71617b9be631d5f2a9e73cacd83e3f",
"support"
],
"bluetooth/bluetooth-helpers.js": [
"9794b578f1c5c08126fc10653e4beed1f1721d0c",
"support"
@ -164832,7 +164930,7 @@
"44b2d8846c79ddf7eb8cb3ab76d8899b7e783fad",
"manual"
],
"geolocation-API/getCurrentPosition_permission_deny.html": [
"geolocation-API/getCurrentPosition_permission_deny.https.html": [
"28939dd8e719ba66497a814edd1f4500ad348e95",
"testharness"
],
@ -176681,11 +176779,11 @@
"testharness"
],
"html/semantics/forms/textfieldselection/selection-start-end.html": [
"1f3184b72aba5631d6db4379dfa98035ee047283",
"755fb11ec3d9440d3883ec3e2820a9e77fc144ae",
"testharness"
],
"html/semantics/forms/textfieldselection/selection.html": [
"f7674721b84ec8fca0e5e40258447ce857b87784",
"7f3969423e86313ec20846c84f8deecc95048b82",
"testharness"
],
"html/semantics/forms/textfieldselection/textfieldselection-setRangeText.html": [
@ -176693,7 +176791,7 @@
"testharness"
],
"html/semantics/forms/textfieldselection/textfieldselection-setSelectionRange.html": [
"462049246a2ef3e66c22017ec6ad362e07b467e6",
"ffcef015b49fd156cc529117509f0ae0a38234bd",
"testharness"
],
"html/semantics/forms/the-button-element/.gitkeep": [
@ -179461,7 +179559,7 @@
"testharness"
],
"html/webappapis/scripting/events/event-handler-processing-algorithm.html": [
"a7c163d53eb559ea710527cace404ed88e9c4d0a",
"9a1fa2065ba742d6ab945065d65bdc0f60783d94",
"testharness"
],
"html/webappapis/scripting/events/event-handler-spec-example.html": [
@ -200141,7 +200239,7 @@
"testharness"
],
"service-workers/service-worker/postmessage-from-waiting-serviceworker.https.html": [
"a3a2734be01c2e410a32daf9342f1e211ce22325",
"99519ec3ef70e08fe42fce50bb6e9d643a2daa9f",
"testharness"
],
"service-workers/service-worker/postmessage-msgport-to-client.https.html": [
@ -200309,7 +200407,7 @@
"support"
],
"service-workers/service-worker/resources/echo-message-to-source-worker.js": [
"449055cd2d8c41f2e3c78a8a748287faee664759",
"760b04aa2e36f55cfdbea0871a7424f787734a6e",
"support"
],
"service-workers/service-worker/resources/empty-but-slow-worker.js": [
@ -219277,7 +219375,7 @@
"support"
],
"webvtt/webvtt-file-format-parsing/webvtt-file-parsing/support/newlines.vtt": [
"ba3848383a2197647a9c34c52150991ecb87f22a",
"a5bfb88a0066da230fbf05f0cf9d200f73c0bb12",
"support"
],
"webvtt/webvtt-file-format-parsing/webvtt-file-parsing/support/no-signature.vtt": [

Просмотреть файл

@ -0,0 +1,3 @@
[header-referrer-no-referrer-when-downgrade.https.html]
type: testharness
prefs: [security.mixed_content.block_active_content:false, security.mixed_content.block_display_content:false]

Просмотреть файл

@ -0,0 +1,4 @@
[header-referrer-strict-origin-when-cross-origin.https.html]
type: testharness
prefs: [security.mixed_content.block_active_content:false, security.mixed_content.block_display_content:false]

Просмотреть файл

@ -0,0 +1,3 @@
[header-referrer-strict-origin.https.html]
type: testharness
prefs: [security.mixed_content.block_active_content:false, security.mixed_content.block_display_content:false]

Просмотреть файл

@ -0,0 +1,3 @@
[header-referrer-unsafe-url.https.html]
type: testharness
prefs: [security.mixed_content.block_active_content:false, security.mixed_content.block_display_content:false]

Просмотреть файл

@ -900,7 +900,7 @@
"testharness"
],
"html/semantics/forms/textfieldselection/selection-value-interactions.html": [
"6c5e95a8f2f11d106e669eb82b46ffff73d08335",
"2083d78d4a6a7b48994f17909790dfeb1ac903ae",
"testharness"
],
"html/semantics/scripting-1/the-script-element/create-module-script.html": [

Просмотреть файл

@ -0,0 +1,21 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>SendBeacon Referrer Header No Referrer When Downgrade Policy</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta name='referrer' content='no-referrer-when-downgrade'>
</head>
<body>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/beacon/headers/header-referrer.js"></script>
<script>
var testBase = get_host_info().HTTPS_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, referrerUrl);
testBase = get_host_info().HTTP_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, "");
</script>
</body>
</html>

Просмотреть файл

@ -0,0 +1,19 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>SendBeacon Referrer Header No Referrer Policy</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta name='referrer' content='no-referrer'>
</head>
<body>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="header-referrer.js"></script>
<script>
var testBase = RESOURCES_DIR;
testReferrerHeader(testBase, "");
</script>
</body>
</html>

Просмотреть файл

@ -0,0 +1,21 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>SendBeacon Referrer Header Origin When Cross Origin Policy</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta name='referrer' content='origin-when-cross-origin'>
</head>
<body>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="header-referrer.js"></script>
<script>
var testBase = get_host_info().HTTP_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, referrerUrl);
testBase = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, referrerOrigin);
</script>
</body>
</html>

Просмотреть файл

@ -0,0 +1,19 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>SendBeacon Referrer Header Origin Policy</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta name='referrer' content='origin'>
</head>
<body>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="header-referrer.js"></script>
<script>
var testBase = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, referrerOrigin);
</script>
</body>
</html>

Просмотреть файл

@ -0,0 +1,21 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>SendBeacon Referrer Header Same Origin Policy</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta name='referrer' content='same-origin'>
</head>
<body>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="header-referrer.js"></script>
<script>
var testBase = RESOURCES_DIR;
testReferrerHeader(testBase, referrerUrl);
testBase = get_host_info().HTTP_REMOTE_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, "");
</script>
</body>
</html>

Просмотреть файл

@ -0,0 +1,21 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>SendBeacon Referrer Header Strict Origin Policy</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta name='referrer' content='strict-origin'>
</head>
<body>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/beacon/headers/header-referrer.js"></script>
<script>
var testBase = get_host_info().HTTPS_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, referrerOrigin);
testBase = get_host_info().HTTP_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, "");
</script>
</body>
</html>

Просмотреть файл

@ -0,0 +1,21 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>SendBeacon Referrer Header Strict Origin Policy</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta name='referrer' content='strict-origin'>
</head>
<body>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/beacon/headers/header-referrer.js"></script>
<script>
var testBase = get_host_info().HTTPS_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, referrerOrigin);
testBase = get_host_info().HTTP_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, "");
</script>
</body>
</html>

Просмотреть файл

@ -0,0 +1,19 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>SendBeacon Referrer Header Unsafe Url Policy</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<meta name='referrer' content='unsafe-url'>
</head>
<body>
<script src="/common/utils.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/beacon/headers/header-referrer.js"></script>
<script>
var testBase = get_host_info().HTTP_ORIGIN + RESOURCES_DIR;
testReferrerHeader(testBase, referrerUrl);
</script>
</body>
</html>

Просмотреть файл

@ -0,0 +1,41 @@
var RESOURCES_DIR = "/beacon/resources/";
var referrerOrigin = self.location.origin + '/';
var referrerUrl = self.location.href;
function testReferrerHeader(testBase, expectedReferrer) {
var id = self.token();
var testUrl = testBase + "inspect-header.py?header=referer&cmd=put&id=" + id;
promise_test(function(test) {
assert_true(navigator.sendBeacon(testUrl), "SendBeacon Succeeded");
return pollResult(expectedReferrer, id) .then(result => {
assert_equals(result, expectedReferrer, "Correct referrer header result");
});
}, "Successful test ");
}
// SendBeacon is an asynchronous and non-blocking request to a web server.
// We may have to create a poll loop to get result from server
function pollResult(expectedReferrer, id) {
var checkUrl = RESOURCES_DIR + "inspect-header.py?header=referer&cmd=get&id=" + id;
return new Promise(resolve => {
function checkResult() {
fetch(checkUrl).then(
function(response) {
assert_equals(response.status, 200, "Inspect header response's status is 200");
let result = response.headers.get("x-request-referer");
if (result != undefined) {
resolve(result);
} else {
step_timeout(checkResult.bind(this), 100);
}
});
}
checkResult();
});
}

Просмотреть файл

@ -0,0 +1,18 @@
def main(request, response):
headers = [("Content-Type", "text/plain")]
command = request.GET.first("cmd").lower();
test_id = request.GET.first("id")
header = request.GET.first("header")
if command == "put":
request.server.stash.put(test_id, request.headers.get(header, ""))
elif command == "get":
stashed_header = request.server.stash.take(test_id)
if stashed_header is not None:
headers.append(("x-request-" + header, stashed_header ))
else:
response.set_error(400, "Bad Command")
return "ERROR: Bad Command!"
return headers, ""