1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
content / public / test / referrer_unittest.cc [blame]
// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/public/common/referrer.h"
#include <tuple>
#include "base/test/gtest_util.h"
#include "net/url_request/referrer_policy.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/loader/referrer_utils.h"
namespace content {
using ReferrerSanitizerTest = testing::Test;
TEST_F(ReferrerSanitizerTest, SanitizesPolicyForEmptyReferrers) {
EXPECT_DCHECK_DEATH(
std::ignore = Referrer::SanitizeForRequest(
GURL("https://a"),
Referrer(GURL(), static_cast<network::mojom::ReferrerPolicy>(200))));
}
TEST_F(ReferrerSanitizerTest, SanitizesPolicyForNonEmptyReferrers) {
EXPECT_DCHECK_DEATH(
std::ignore = Referrer::SanitizeForRequest(
GURL("https://a"),
Referrer(GURL("http://b"),
static_cast<network::mojom::ReferrerPolicy>(200))));
}
TEST_F(ReferrerSanitizerTest, SanitizeOriginForRequest) {
GURL url_a = GURL("https://a.example.com");
GURL url_b = GURL("https://b.example.com");
url::Origin origin_a = url::Origin::Create(url_a);
url::Origin origin_b = url::Origin::Create(url_b);
url::Origin origin_a_opaque = origin_a.DeriveNewOpaqueOrigin();
// Original origin should be returned when the policy is compatible with the
// target.
EXPECT_EQ(origin_a,
Referrer::SanitizeOriginForRequest(
url_a, origin_a, network::mojom::ReferrerPolicy::kSameOrigin));
EXPECT_EQ(origin_b,
Referrer::SanitizeOriginForRequest(
url_a, origin_b, network::mojom::ReferrerPolicy::kAlways));
// Opaque origin should be returned when the policy asks to avoid disclosing
// the referrer to the target.
EXPECT_TRUE(Referrer::SanitizeOriginForRequest(
url_a, origin_b, network::mojom::ReferrerPolicy::kNever)
.opaque());
EXPECT_TRUE(Referrer::SanitizeOriginForRequest(
url_a, origin_b, network::mojom::ReferrerPolicy::kSameOrigin)
.opaque());
// Okay to use an opaque origin as a target - a *unique* opaque origin should
// be returned.
url::Origin result = Referrer::SanitizeOriginForRequest(
url_a, origin_a_opaque, network::mojom::ReferrerPolicy::kAlways);
EXPECT_TRUE(result.opaque());
EXPECT_FALSE(result.CanBeDerivedFrom(url_a));
EXPECT_NE(result, origin_a_opaque);
}
TEST(ReferrerSanitizerTest, OnlyHTTPFamilyReferrer) {
auto result = Referrer::SanitizeForRequest(
GURL("https://a"),
Referrer(GURL("chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi"),
network::mojom::ReferrerPolicy::kAlways));
EXPECT_TRUE(result.url.is_empty());
}
TEST(ReferrerSanitizerTest, AboutBlankURLRequest) {
auto result = Referrer::SanitizeForRequest(
GURL("about:blank"),
Referrer(GURL("http://foo"), network::mojom::ReferrerPolicy::kAlways));
EXPECT_EQ(result.url, GURL("http://foo"));
}
TEST(ReferrerSanitizerTest, HTTPURLRequest) {
auto result = Referrer::SanitizeForRequest(
GURL("http://bar"),
Referrer(GURL("http://foo"), network::mojom::ReferrerPolicy::kAlways));
EXPECT_EQ(result.url, GURL("http://foo"));
}
TEST(ReferrerSanitizerTest, DataURLRequest) {
auto result = Referrer::SanitizeForRequest(
GURL("data:text/html,<div>foo</div>"),
Referrer(GURL("http://foo"), network::mojom::ReferrerPolicy::kAlways));
EXPECT_EQ(result.url, GURL("http://foo"));
}
TEST(ReferrerTest, BlinkNetRoundTripConversion) {
const net::ReferrerPolicy policies[] = {
net::ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
net::ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN,
net::ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN,
net::ReferrerPolicy::NEVER_CLEAR,
net::ReferrerPolicy::ORIGIN,
net::ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
net::ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
net::ReferrerPolicy::NO_REFERRER,
};
for (auto policy : policies) {
EXPECT_EQ(Referrer::ReferrerPolicyForUrlRequest(
blink::ReferrerUtils::NetToMojoReferrerPolicy(policy)),
policy);
}
}
} // namespace content