| blob | f90887ddf0fa92e4dfdbb92768422b9de3e43390 |
2 <!-- Any copyright is dedicated to the Public Domain.
3 - http://creativecommons.org/publicdomain/zero/1.0/ -->
4 <html>
5 <head>
9 </head>
10 <body>
12 <p><a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=446344">Mozilla Bug 446344</a></p>
17 const EMPTY_ORIGIN = "Origin: ";
19 let testsToRun = [
20 {
21 name: "sendOriginHeader=0 (never)",
22 prefs: [
24 ],
25 results: {
26 framePost: EMPTY_ORIGIN,
27 framePostXOrigin: EMPTY_ORIGIN,
28 frameGet: EMPTY_ORIGIN,
29 framePostNonSandboxed: EMPTY_ORIGIN,
30 framePostNonSandboxedXOrigin: EMPTY_ORIGIN,
31 framePostSandboxed: EMPTY_ORIGIN,
32 framePostSrcDoc: EMPTY_ORIGIN,
33 framePostSrcDocXOrigin: EMPTY_ORIGIN,
34 framePostDataURI: EMPTY_ORIGIN,
35 framePostSameOriginToXOrigin: EMPTY_ORIGIN,
36 framePostXOriginToSameOrigin: EMPTY_ORIGIN,
37 framePostXOriginToXOrigin: EMPTY_ORIGIN,
38 },
39 },
40 {
41 name: "sendOriginHeader=1 (same-origin)",
42 prefs: [
44 ],
45 results: {
46 framePost: "Origin: http://mochi.test:8888",
47 framePostXOrigin: "Origin: null",
48 frameGet: EMPTY_ORIGIN,
49 framePostNonSandboxed: "Origin: http://mochi.test:8888",
50 framePostNonSandboxedXOrigin: "Origin: null",
51 framePostSandboxed: "Origin: null",
52 framePostSrcDoc: "Origin: http://mochi.test:8888",
53 framePostSrcDocXOrigin: "Origin: null",
54 framePostDataURI: "Origin: null",
55 framePostSameOriginToXOrigin: "Origin: null",
56 framePostXOriginToSameOrigin: "Origin: null",
57 framePostXOriginToXOrigin: "Origin: null",
58 },
59 },
60 {
61 name: "sendOriginHeader=2 (always)",
62 prefs: [
64 ],
65 results: {
66 framePost: "Origin: http://mochi.test:8888",
67 framePostXOrigin: "Origin: http://mochi.test:8888",
68 frameGet: EMPTY_ORIGIN,
69 framePostNonSandboxed: "Origin: http://mochi.test:8888",
70 framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888",
71 framePostSandboxed: "Origin: null",
72 framePostSrcDoc: "Origin: http://mochi.test:8888",
73 framePostSrcDocXOrigin: "Origin: http://mochi.test:8888",
74 framePostDataURI: "Origin: null",
75 framePostSameOriginToXOrigin: "Origin: http://mochi.test:8888",
76 framePostXOriginToSameOrigin: "Origin: null",
77 framePostXOriginToXOrigin: "Origin: http://mochi.test:8888",
78 },
79 },
80 {
81 name: "sendRefererHeader=0 (never)",
82 prefs: [
84 ],
85 results: {
86 framePost: "Origin: http://mochi.test:8888",
87 framePostXOrigin: "Origin: http://mochi.test:8888",
88 frameGet: EMPTY_ORIGIN,
89 framePostNonSandboxed: "Origin: http://mochi.test:8888",
90 framePostNonSandboxedXOrigin: "Origin: http://mochi.test:8888",
91 framePostSandboxed: "Origin: null",
92 framePostSrcDoc: "Origin: http://mochi.test:8888",
93 framePostSrcDocXOrigin: "Origin: http://mochi.test:8888",
94 framePostDataURI: "Origin: null",
95 framePostSameOriginToXOrigin: "Origin: http://mochi.test:8888",
96 framePostXOriginToSameOrigin: "Origin: null",
97 framePostXOriginToXOrigin: "Origin: http://mochi.test:8888",
98 },
99 },
100 {
101 name: "userControlPolicy=0 (no-referrer)",
102 prefs: [
105 ],
106 results: {
107 framePost: "Origin: null",
108 framePostXOrigin: "Origin: null",
109 frameGet: EMPTY_ORIGIN,
110 framePostNonSandboxed: "Origin: null",
111 framePostNonSandboxedXOrigin: "Origin: null",
112 framePostSandboxed: "Origin: null",
113 framePostSrcDoc: "Origin: null",
114 framePostSrcDocXOrigin: "Origin: null",
115 framePostDataURI: "Origin: null",
116 framePostSameOriginToXOrigin: "Origin: null",
117 framePostXOriginToSameOrigin: "Origin: null",
118 framePostXOriginToXOrigin: "Origin: null",
119 },
120 },
121 ];
123 let checksToRun = [
124 {
125 name: "POST",
126 frameID: "framePost",
127 formID: "formPost",
128 },
129 {
130 name: "cross-origin POST",
131 frameID: "framePostXOrigin",
132 formID: "formPostXOrigin",
133 },
134 {
135 name: "GET",
136 frameID: "frameGet",
137 formID: "formGet",
138 },
139 {
140 name: "POST inside iframe",
141 frameID: "framePostNonSandboxed",
142 frameSrc: "HTTP://mochi.test:8888/tests/netwerk/test/mochitests/origin_header_form_post.html",
143 },
144 {
145 name: "cross-origin POST inside iframe",
146 frameID: "framePostNonSandboxedXOrigin",
147 frameSrc: "Http://mochi.test:8888/tests/netwerk/test/mochitests/origin_header_form_post_xorigin.html",
148 },
149 {
150 name: "POST inside sandboxed iframe",
151 frameID: "framePostSandboxed",
152 frameSrc: "http://mochi.test:8888/tests/netwerk/test/mochitests/origin_header_form_post.html",
153 },
154 {
155 name: "POST inside a srcdoc iframe",
156 frameID: "framePostSrcDoc",
157 srcdoc: "origin_header_form_post.html",
158 },
159 {
160 name: "cross-origin POST inside a srcdoc iframe",
161 frameID: "framePostSrcDocXOrigin",
162 srcdoc: "origin_header_form_post_xorigin.html",
163 },
164 {
165 name: "POST inside a data: iframe",
166 frameID: "framePostDataURI",
167 dataURI: "origin_header_form_post.html",
168 },
169 {
170 name: "same-origin POST redirected to cross-origin",
171 frameID: "framePostSameOriginToXOrigin",
172 formID: "formPostSameOriginToXOrigin",
173 },
174 {
175 name: "cross-origin POST redirected to same-origin",
176 frameID: "framePostXOriginToSameOrigin",
177 formID: "formPostXOriginToSameOrigin",
178 },
179 {
180 name: "cross-origin POST redirected to cross-origin",
181 frameID: "framePostXOriginToXOrigin",
182 formID: "formPostXOriginToXOrigin",
183 },
184 ];
186 function frameLoaded(test, check)
187 {
188 let frame = window.document.getElementById(check.frameID);
189 frame.onload = null;
190 let result = SpecialPowers.wrap(frame).contentDocument.documentElement.textContent;
191 is(result, test.results[check.frameID], check.name + " with " + test.name);
192 }
194 function submitForm(test, check)
195 {
196 return new Promise((resolve, reject) => {
197 document.getElementById(check.frameID).onload = () => {
198 frameLoaded(test, check);
199 resolve();
200 };
201 document.getElementById(check.formID).submit();
202 });
203 }
205 function loadIframe(test, check)
206 {
207 return new Promise((resolve, reject) => {
208 let frame = SpecialPowers.wrap(window.document.getElementById(check.frameID));
209 frame.onload = function () {
210 // Ignore the first load and wait for the submitted form instead.
211 let location = frame.contentWindow.location + "";
212 if (location.endsWith("origin_header.sjs")) {
213 frameLoaded(test, check);
214 resolve();
215 }
216 }
217 frame.src = check.frameSrc;
218 });
219 }
221 function loadSrcDocFrame(test, check)
222 {
223 return new Promise((resolve, reject) => {
224 let frame = SpecialPowers.wrap(window.document.getElementById(check.frameID));
225 frame.onload = function () {
226 // Ignore the first load and wait for the submitted form instead.
227 let location = frame.contentWindow.location + "";
228 if (location.endsWith("origin_header.sjs")) {
229 frameLoaded(test, check);
230 resolve();
231 }
232 }
233 fetch(check.srcdoc).then((response) => {
234 response.text().then((body) => {
235 frame.srcdoc = body;
236 });;
237 });
238 });
239 }
241 function loadDataURIFrame(test, check)
242 {
243 return new Promise((resolve, reject) => {
244 let frame = SpecialPowers.wrap(window.document.getElementById(check.frameID));
245 frame.onload = function () {
246 // Ignore the first load and wait for the submitted form instead.
247 let location = frame.contentWindow.location + "";
248 if (location.endsWith("origin_header.sjs")) {
249 frameLoaded(test, check);
250 resolve();
251 }
252 }
253 fetch(check.dataURI).then((response) => {
254 response.text().then((body) => {
255 frame.src = "data:text/html," + encodeURIComponent(body);
256 });;
257 });
258 });
259 }
261 async function resetFrames()
262 {
263 let checkPromises = [];
264 for (let check of checksToRun) {
265 checkPromises.push(new Promise((resolve, reject) => {
266 let frame = document.getElementById(check.frameID);
267 frame.onload = () => resolve();
268 if (check.srcdoc) {
269 frame.srcdoc = "";
270 } else {
271 frame.src = "about:blank";
272 }
273 }));
274 }
275 await Promise.all(checkPromises);
276 }
278 async function runTests()
279 {
280 for (let test of testsToRun) {
281 await resetFrames();
282 await SpecialPowers.pushPrefEnv({"set": test.prefs});
284 let checkPromises = [];
285 for (let check of checksToRun) {
286 if (check.formID) {
287 checkPromises.push(submitForm(test, check));
288 } else if (check.frameSrc) {
289 checkPromises.push(loadIframe(test, check));
290 } else if (check.srcdoc) {
291 checkPromises.push(loadSrcDocFrame(test, check));
292 } else if (check.dataURI) {
293 checkPromises.push(loadDataURIFrame(test, check));
294 } else {
295 ok(false, "Unsupported check");
296 break;
297 }
298 }
299 await Promise.all(checkPromises);
300 };
301 SimpleTest.finish();
302 }
304 SimpleTest.waitForExplicitFinish();
305 SimpleTest.requestLongerTimeout(5); // work around Android timeouts
306 addLoadEvent(runTests);
308 </script>
309 </pre>
310 <table>
311 <tr>
312 <td>
319 </form>
320 </td>
321 <td>
328 </form>
329 </td>
330 <td>
337 </form>
338 </td>
339 <td>
340 <iframe src="about:blank" name="framePostSameOriginToXOrigin" id="framePostSameOriginToXOrigin"></iframe>
341 <form action="redirect_to.sjs?http://test1.mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
346 </form>
347 </td>
348 <td>
349 <iframe src="about:blank" name="framePostXOriginToSameOrigin" id="framePostXOriginToSameOrigin"></iframe>
350 <form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/redirect_to.sjs?http://mochi.test:8888/tests/netwerk/test/mochitests/origin_header.sjs"
355 </form>
356 </td>
357 <td>
358 <iframe src="about:blank" name="framePostXOriginToXOrigin" id="framePostXOriginToXOrigin"></iframe>
359 <form action="http://test1.mochi.test:8888/tests/netwerk/test/mochitests/redirect_to.sjs?/tests/netwerk/test/mochitests/origin_header.sjs"
364 </form>
365 </td>
366 </tr>
367 <tr>
368 <td>
371 </td>
372 <td>
375 </td>
376 <td>
379 </td>
380 </tr>
381 <tr>
382 <td>
385 </td>
386 <td>
389 </td>
390 <td>
393 </td>
394 </tr>
395 </table>
397 </body>
398 </html>