Closed
Bug 1184781
Opened 9 years ago
Closed 8 years ago
Additional referrer policy tests
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
People
(Reporter: franziskus, Assigned: franziskus)
References
(Depends on 1 open bug)
Details
(Whiteboard: tpe-seceng)
Attachments
(1 file, 1 obsolete file)
|
(deleted),
patch
|
franziskus
:
review+
|
Details | Diff | Splinter Review |
More tests for referrer policies [1].
[1] https://w3c.github.io/webappsec/specs/referrer-policy/
|
Assignee | |
Comment 1•9 years ago
|
||
this requires src and tests from bug 1175736 and bug 1174913
Attachment #8636197 -
Flags: review?(mozilla)
|
|
Assignee | |
Updated•9 years ago
|
Assignee: nobody → franziskuskiefer
|
||
Comment 2•9 years ago
|
||
Comment on attachment 8636197 [details] [diff] [review]
testing img and iframe referrer on redirect delivered with meta or attribute
Review of attachment 8636197 [details] [diff] [review]:
-----------------------------------------------------------------
r=me, but consider what I've suggested about https in regards of B2g (see comment further down).
::: dom/base/test/referrer_testserver.sjs
@@ +7,5 @@
> Components.utils.importGlobalProperties(["URLSearchParams"]);
> +const SJS = 'referrer_testserver.sjs?';
> +const BASE_URL = 'example.com/tests/dom/base/test/' + SJS;
> +const SAME_ORIGIN = 'mochi.test:8888/tests/dom/base/test/' + SJS;
> +const OTHER_ORIGIN = 'test1.example.com/tests/dom/base/test/' + SJS;
nit: CROSS_ORIGIN
@@ +185,5 @@
> + // 302 found, 301 Moved Permanently, 303 See Other, 307 Temporary Redirect
> + response.setStatusLine('1.1', 302, 'found');
> + response.setHeader('Location', scheme + "://" + OTHER_ORIGIN + params.toString(), false);
> + return;
> + }
Nit: sometimes you use single quotes, sometimes double quotes when you compare the action against the string literal, please be consistent.
::: dom/base/test/test_referrer_redirect.html
@@ +12,5 @@
> + -->
> +
> + <script type="application/javascript;version=1.8">
> +
> + const sjs = "/tests/dom/base/test/referrer_testserver.sjs?";
why is sjs lower case and all other consts are uppercase?
@@ +33,5 @@
> + {ATTRIBUTE_POLICY: 'no-referrer',
> + NAME: 'no-referrer-with-no-meta',
> + DESC: "no-referrer (img/iframe) with no meta",
> + RESULT: 'none',
> + SCHEME: 'http'},
Looks good, but please use curly braces on their own lines:
{
ATTRIBUTE_POLICY: 'no-referrer',
NAME: 'no-referrer-with-no-meta',
DESC: "no-referrer (img/iframe) with no meta",
RESULT: 'none',
SCHEME: 'http'
},
{
bla bla bla
@@ +38,5 @@
> + {ATTRIBUTE_POLICY: 'no-referrer',
> + NAME: 'no-referrer-with-no-meta',
> + DESC: "no-referrer (img/iframe) with no meta",
> + RESULT: 'none',
> + SCHEME: 'https'},
Does https work on B2G now? Otherwise you would have to disable that test on some platforms. I wouldn't mind if you just remove the https tests, should have enough test coverage without the different schemes. I'd prefer to have some redirect tests working on B2G then having all of them disabled. Up to you though!
Attachment #8636197 -
Flags: review?(mozilla) → review+
|
|
Assignee | |
Comment 3•9 years ago
|
||
|
|
Assignee | |
Comment 4•9 years ago
|
||
|
|
Assignee | |
Comment 5•9 years ago
|
||
|
|
Assignee | |
Comment 6•9 years ago
|
||
r+ carries over (rebase & clean up)
https://treeherder.mozilla.org/#/jobs?repo=try&revision=86f130480823
Attachment #8636197 -
Attachment is obsolete: true
Attachment #8637316 -
Flags: review+
|
|
Assignee | |
Updated•9 years ago
|
Keywords: checkin-needed,
leave-open
Summary: referrer policy tests → Additional referrer policy tests
Keywords: checkin-needed
|
|
Assignee | |
Updated•9 years ago
|
Whiteboard: tpe-seceng
|
||
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
|
||
Comment 9•7 years ago
|
||
Removing leave-open keyword from resolved bugs, per :sylvestre.
Keywords: leave-open
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•