eliott/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird synced 2026-04-26 09:45:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
cfe7ddc80588bbca526bd2ba9433ba6fb40d7e4e
ladybird/Tests/LibWeb/Text/input/HTML/referrer-policy-http-header.html
Tim Ledbetter 82db5c3f20 LibWeb: Parse Referrer-Policy header when creating policy container 
Previously, when creating a policy container from a fetch response, the
Referrer-Policy HTTP header was not being parsed. This meant documents
loaded with a Referrer-Policy header would ignore the policy and use the
default.
2026-01-12 13:07:14 +01:00

103 lines
4.0 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<script src="../include.js"></script>
<script>
asyncTest(async (done) => {
const httpServer = httpTestServer();
const reflectorUrl = await httpServer.createEcho("GET", "/referrer-policy-reflector", {
status: 200,
headers: {
"Access-Control-Allow-Origin": "*",
"Content-Type": "application/json",
},
reflect_headers_in_body: true,
});
const noReferrerIframeUrl = await httpServer.createEcho("GET", "/no-referrer-iframe", {
status: 200,
headers: {
"Content-Type": "text/html",
"Referrer-Policy": "no-referrer",
},
body: `<!DOCTYPE html>
<script>
(async () => {
try {
const response = await fetch("${reflectorUrl}");
const headers = await response.json();
const refererArray = headers["Referer"];
const referer = refererArray ? refererArray[0] : null;
parent.postMessage({ test: "no-referrer", referer: referer }, "*");
} catch (e) {
parent.postMessage({ test: "no-referrer", error: e.message }, "*");
}
})();
<\/script>`,
});
const originIframeUrl = await httpServer.createEcho("GET", "/origin-iframe", {
status: 200,
headers: {
"Content-Type": "text/html",
"Referrer-Policy": "origin",
},
body: `<!DOCTYPE html>
<script>
(async () => {
try {
const response = await fetch("${reflectorUrl}");
const headers = await response.json();
const refererArray = headers["Referer"];
const referer = refererArray ? refererArray[0] : null;
parent.postMessage({ test: "origin", referer: referer }, "*");
} catch (e) {
parent.postMessage({ test: "origin", error: e.message }, "*");
}
})();
<\/script>`,
});
const results = {};
let expectedResults = 2;
addEventListener("message", (event) => {
const { test, referer, error } = event.data;
if (error) {
println(`${test}: ERROR - ${error}`);
} else {
results[test] = referer;
}
expectedResults--;
if (expectedResults === 0) {
if (results["no-referrer"] === null) {
println("no-referrer policy: PASS (no Referer header sent)");
} else {
println(`no-referrer policy: FAIL (Referer was "${results["no-referrer"]}")`);
}
// Verify origin policy: referer should be origin only (e.g., "http://127.0.0.1:PORT/")
const originReferer = results["origin"];
const isOriginOnly = originReferer &&
originReferer.endsWith("/") &&
!originReferer.includes("?") &&
originReferer.match(/^https?:\/\/[^\/]+\/$/) !== null;
if (isOriginOnly) {
println("origin policy: PASS (only origin sent)");
} else {
println(`origin policy: FAIL (Referer was "${originReferer}")`);
}
done();
}
}, false);
const frame1 = document.createElement('iframe');
frame1.src = noReferrerIframeUrl;
document.body.appendChild(frame1);
const frame2 = document.createElement('iframe');
frame2.src = originIframeUrl;
document.body.appendChild(frame2);
});
</script>
Reference in New Issue View Git Blame Copy Permalink