1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
  100
  101
  102
  103
  104
  105
  106
  107
  108
  109
  110
  111
  112
  113
  114
  115
  116


content / public / test / referrer_unittest.cc [blame]

// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/public/common/referrer.h"

#include <tuple>

#include "base/test/gtest_util.h"
#include "net/url_request/referrer_policy.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/loader/referrer_utils.h"

namespace content {

using ReferrerSanitizerTest = testing::Test;

TEST_F(ReferrerSanitizerTest, SanitizesPolicyForEmptyReferrers) {
  EXPECT_DCHECK_DEATH(
      std::ignore = Referrer::SanitizeForRequest(
          GURL("https://a"),
          Referrer(GURL(), static_cast<network::mojom::ReferrerPolicy>(200))));
}

TEST_F(ReferrerSanitizerTest, SanitizesPolicyForNonEmptyReferrers) {
  EXPECT_DCHECK_DEATH(
      std::ignore = Referrer::SanitizeForRequest(
          GURL("https://a"),
          Referrer(GURL("http://b"),
                   static_cast<network::mojom::ReferrerPolicy>(200))));
}

TEST_F(ReferrerSanitizerTest, SanitizeOriginForRequest) {
  GURL url_a = GURL("https://a.example.com");
  GURL url_b = GURL("https://b.example.com");
  url::Origin origin_a = url::Origin::Create(url_a);
  url::Origin origin_b = url::Origin::Create(url_b);
  url::Origin origin_a_opaque = origin_a.DeriveNewOpaqueOrigin();

  // Original origin should be returned when the policy is compatible with the
  // target.
  EXPECT_EQ(origin_a,
            Referrer::SanitizeOriginForRequest(
                url_a, origin_a, network::mojom::ReferrerPolicy::kSameOrigin));
  EXPECT_EQ(origin_b,
            Referrer::SanitizeOriginForRequest(
                url_a, origin_b, network::mojom::ReferrerPolicy::kAlways));

  // Opaque origin should be returned when the policy asks to avoid disclosing
  // the referrer to the target.
  EXPECT_TRUE(Referrer::SanitizeOriginForRequest(
                  url_a, origin_b, network::mojom::ReferrerPolicy::kNever)
                  .opaque());
  EXPECT_TRUE(Referrer::SanitizeOriginForRequest(
                  url_a, origin_b, network::mojom::ReferrerPolicy::kSameOrigin)
                  .opaque());

  // Okay to use an opaque origin as a target - a *unique* opaque origin should
  // be returned.
  url::Origin result = Referrer::SanitizeOriginForRequest(
      url_a, origin_a_opaque, network::mojom::ReferrerPolicy::kAlways);
  EXPECT_TRUE(result.opaque());
  EXPECT_FALSE(result.CanBeDerivedFrom(url_a));
  EXPECT_NE(result, origin_a_opaque);
}

TEST(ReferrerSanitizerTest, OnlyHTTPFamilyReferrer) {
  auto result = Referrer::SanitizeForRequest(
      GURL("https://a"),
      Referrer(GURL("chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi"),
               network::mojom::ReferrerPolicy::kAlways));
  EXPECT_TRUE(result.url.is_empty());
}

TEST(ReferrerSanitizerTest, AboutBlankURLRequest) {
  auto result = Referrer::SanitizeForRequest(
      GURL("about:blank"),
      Referrer(GURL("http://foo"), network::mojom::ReferrerPolicy::kAlways));
  EXPECT_EQ(result.url, GURL("http://foo"));
}

TEST(ReferrerSanitizerTest, HTTPURLRequest) {
  auto result = Referrer::SanitizeForRequest(
      GURL("http://bar"),
      Referrer(GURL("http://foo"), network::mojom::ReferrerPolicy::kAlways));
  EXPECT_EQ(result.url, GURL("http://foo"));
}

TEST(ReferrerSanitizerTest, DataURLRequest) {
  auto result = Referrer::SanitizeForRequest(
      GURL("data:text/html,<div>foo</div>"),
      Referrer(GURL("http://foo"), network::mojom::ReferrerPolicy::kAlways));
  EXPECT_EQ(result.url, GURL("http://foo"));
}

TEST(ReferrerTest, BlinkNetRoundTripConversion) {
  const net::ReferrerPolicy policies[] = {
      net::ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
      net::ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
      net::ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
      net::ReferrerPolicy::NEVER_CLEAR,
      net::ReferrerPolicy::ORIGIN,
      net::ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
      net::ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
      net::ReferrerPolicy::NO_REFERRER,
  };

  for (auto policy : policies) {
    EXPECT_EQ(Referrer::ReferrerPolicyForUrlRequest(
                  blink::ReferrerUtils::NetToMojoReferrerPolicy(policy)),
              policy);
  }
}

}  // namespace content