net: Add "origin" and "same-origin" referrer policies, replacing "origin-only".

Aravind Gollakota 2016-06-30 19:02:12 -07:00
parent d62de85094
commit eeccb75fc1
8 changed files with 37 additions and 25 deletions


@ -333,7 +333,8 @@ pub enum FrameType {
pub enum ReferrerPolicy {
NoReferrer,
NoRefWhenDowngrade,
OriginOnly,
Origin,
SameOrigin,
OriginWhenCrossOrigin,
UnsafeUrl,
}
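Review bot: The public `ReferrerPolicy` enum gains `Origin` and `SameOrigin` without doc comments, and the two names are close enough to be confused even though they disclose very different amounts of the referrer URL. Going by how the policies are applied elsewhere in this commit, `/// Send only the origin of the referrer URL, for every request.` on `Origin` and `/// Send the referrer URL to same-origin requests; send no referrer cross-origin.` on `SameOrigin` would make the difference visible at the definition.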


@ -458,7 +458,8 @@ pub fn determine_request_referrer(headers: &mut Headers,
let cross_origin = ref_url.origin() != url.origin();
return match referrer_policy {
Some(ReferrerPolicy::NoReferrer) => None,
Some(ReferrerPolicy::OriginOnly) => strip_url(ref_url, true),
Some(ReferrerPolicy::Origin) => strip_url(ref_url, true),
Some(ReferrerPolicy::SameOrigin) => if cross_origin { None } else { strip_url(ref_url, false) },
Some(ReferrerPolicy::UnsafeUrl) => strip_url(ref_url, false),
Some(ReferrerPolicy::OriginWhenCrossOrigin) => strip_url(ref_url, cross_origin),
Some(ReferrerPolicy::NoRefWhenDowngrade) | None => no_ref_when_downgrade_header(ref_url, url),
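Review bot: The new `SameOrigin` arm packs an `if`/`else` into one long match arm, which is easy to misread in the function that decides how much of the referrer URL leaves the origin. A match guard states the two outcomes separately: `Some(ReferrerPolicy::SameOrigin) if cross_origin => None,` followed by `Some(ReferrerPolicy::SameOrigin) => strip_url(ref_url, false),`. A one-line comment on the guarded arm saying that cross-origin requests get no Referer header at all under this policy would also help. The body of `determine_request_referrer` starts and ends outside this section.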


@ -2818,7 +2818,8 @@ pub fn determine_policy_for_token(token: &str) -> Option<ReferrerPolicy> {
return match lower.as_ref() {
"never" | "no-referrer" => Some(ReferrerPolicy::NoReferrer),
"default" | "no-referrer-when-downgrade" => Some(ReferrerPolicy::NoRefWhenDowngrade),
"origin" => Some(ReferrerPolicy::OriginOnly),
"origin" => Some(ReferrerPolicy::Origin),
"same-origin" => Some(ReferrerPolicy::SameOrigin),
"origin-when-cross-origin" => Some(ReferrerPolicy::OriginWhenCrossOrigin),
"always" | "unsafe-url" => Some(ReferrerPolicy::UnsafeUrl),
"" => Some(ReferrerPolicy::NoReferrer),


@ -1626,10 +1626,10 @@ fn assert_referer_header_not_included(origin_info: &LoadOrigin, request_url: &st
}
#[test]
fn test_referer_set_to_origin_with_originonly_policy() {
fn test_referer_set_to_origin_with_origin_policy() {
let request_url = "http://mozilla.com";
let referrer_url = "http://username:password@someurl.com/some/path#fragment";
let referrer_policy = Some(ReferrerPolicy::OriginOnly);
let referrer_policy = Some(ReferrerPolicy::Origin);
let expected_referrer = "http://someurl.com/";
let origin_info = LoadOriginInfo {
@ -1640,6 +1640,35 @@ fn test_referer_set_to_origin_with_originonly_policy() {
assert_referer_header_matches(&origin_info, request_url, expected_referrer);
}
#[test]
fn test_referer_set_to_ref_url_with_sameorigin_policy_same_orig() {
let request_url = "http://mozilla.com";
let referrer_url = "http://username:password@mozilla.com/some/path#fragment";
let referrer_policy = Some(ReferrerPolicy::SameOrigin);
let expected_referrer = "http://mozilla.com/some/path";
let origin_info = LoadOriginInfo {
referrer_url: referrer_url,
referrer_policy: referrer_policy
};
assert_referer_header_matches(&origin_info, request_url, expected_referrer);
}
#[test]
fn test_no_referer_set_with_sameorigin_policy_cross_orig() {
let request_url = "http://mozilla.com";
let referrer_url = "http://username:password@someurl.com/some/path#fragment";
let referrer_policy = Some(ReferrerPolicy::SameOrigin);
let origin_info = LoadOriginInfo {
referrer_url: referrer_url,
referrer_policy: referrer_policy
};
assert_referer_header_not_included(&origin_info, request_url);
}
#[test]
fn test_referer_set_to_stripped_url_with_unsafeurl_policy() {
let request_url = "http://mozilla.com";
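Review bot: The two new `SameOrigin` tests distinguish same-origin from cross-origin only by host (`mozilla.com` against `someurl.com`), so an origin comparison that ignored scheme or port would still pass them. Because an origin is scheme, host and port, add a case where only the port (or only the scheme) differs and assert that no Referer header is sent. The referrer URL in the sketch below is constructed for illustration. The last test in this section, `test_referer_set_to_stripped_url_with_unsafeurl_policy`, continues outside the visible lines.

```rust
#[test]
fn test_no_referer_set_with_sameorigin_policy_cross_orig_port() {
    // Same scheme and host, different port: still a different origin.
    let request_url = "http://mozilla.com";
    let referrer_url = "http://username:password@mozilla.com:8080/some/path#fragment";
    let referrer_policy = Some(ReferrerPolicy::SameOrigin);
    let origin_info = LoadOriginInfo {
        referrer_url: referrer_url,
        referrer_policy: referrer_policy
    };
    assert_referer_header_not_included(&origin_info, request_url);
}
```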


@ -1,5 +0,0 @@
[cross-origin.keep-origin-redirect.http.html]
type: testharness
[The referrer URL is omitted when a\n document served over http requires an http\n sub-resource via xhr-request using the meta-referrer\n delivery method with keep-origin-redirect and when\n the target request is cross-origin.]
expected: FAIL


@ -1,5 +0,0 @@
[cross-origin.no-redirect.http.html]
type: testharness
[The referrer URL is omitted when a\n document served over http requires an http\n sub-resource via xhr-request using the meta-referrer\n delivery method with no-redirect and when\n the target request is cross-origin.]
expected: FAIL


@ -1,5 +0,0 @@
[cross-origin.swap-origin-redirect.http.html]
type: testharness
[The referrer URL is omitted when a\n document served over http requires an http\n sub-resource via xhr-request using the meta-referrer\n delivery method with swap-origin-redirect and when\n the target request is cross-origin.]
expected: FAIL


@ -1,5 +0,0 @@
[same-origin-insecure.swap-origin-redirect.http.html]
type: testharness
[The referrer URL is omitted when a\n document served over http requires an http\n sub-resource via xhr-request using the meta-referrer\n delivery method with swap-origin-redirect and when\n the target request is same-origin.]
expected: FAIL