[webkit-changes] [174640] trunk

Sun, 12 Oct 2014 05:56:29 -0700

Title: [174640] trunk
Revision
174640
Author
[email protected]
Date
2014-10-12 05:55:45 -0700 (Sun, 12 Oct 2014)

Log Message

Referrer Policy: Update <meta name="referrer"> values to match the spec
https://bugs.webkit.org/show_bug.cgi?id=137635

Reviewed by Jochen Eisinger.

Source/WebCore:

The Referrer Policy specification ([Working Draft][WD], [Editor's
draft[ED]) defines different keywords than we originally
implemented. We should support them in the interests of clarity and
interoperability with other browsers implementing the specification.

[WD]: http://www.w3.org/TR/referrer-policy/#referrer-policy-delivery-meta
[ED]: http://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-delivery-meta

This patch is a port of Blink's https://codereview.chromium.org/607433002/

Tests: http/tests/security/referrer-policy-conflicting-policies.html
       http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
       http/tests/security/referrer-policy-https-no-referrer.html
       http/tests/security/referrer-policy-https-unsafe-url.html
       http/tests/security/referrer-policy-no-referrer-when-downgrade.html
       http/tests/security/referrer-policy-no-referrer.html

* dom/Document.cpp:
(WebCore::Document::processReferrerPolicy):

LayoutTests:

* http/tests/security/referrer-policy-https-no-referrer-expected.txt: Added.
* http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt: Added.
* http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html: Added.
* http/tests/security/referrer-policy-https-no-referrer.html: Added.
* http/tests/security/referrer-policy-https-unsafe-url-expected.txt: Added.
* http/tests/security/referrer-policy-https-unsafe-url.html: Added.
* http/tests/security/referrer-policy-invalid-expected.txt: Update the error message with new keywords.
* http/tests/security/referrer-policy-no-referrer-expected.txt: Added.
* http/tests/security/referrer-policy-no-referrer-when-downgrade-expected.txt: Added.
* http/tests/security/referrer-policy-no-referrer-when-downgrade.html: Added.
* http/tests/security/referrer-policy-no-referrer.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (174639 => 174640)


--- trunk/LayoutTests/ChangeLog	2014-10-12 09:32:10 UTC (rev 174639)
+++ trunk/LayoutTests/ChangeLog	2014-10-12 12:55:45 UTC (rev 174640)
@@ -1,3 +1,22 @@
+2014-10-12  Mike West  <[email protected]>
+
+        Referrer Policy: Update <meta name="referrer"> values to match the spec
+        https://bugs.webkit.org/show_bug.cgi?id=137635
+
+        Reviewed by Jochen Eisinger.
+
+        * http/tests/security/referrer-policy-https-no-referrer-expected.txt: Added.
+        * http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt: Added.
+        * http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html: Added.
+        * http/tests/security/referrer-policy-https-no-referrer.html: Added.
+        * http/tests/security/referrer-policy-https-unsafe-url-expected.txt: Added.
+        * http/tests/security/referrer-policy-https-unsafe-url.html: Added.
+        * http/tests/security/referrer-policy-invalid-expected.txt: Update the error message with new keywords.
+        * http/tests/security/referrer-policy-no-referrer-expected.txt: Added.
+        * http/tests/security/referrer-policy-no-referrer-when-downgrade-expected.txt: Added.
+        * http/tests/security/referrer-policy-no-referrer-when-downgrade.html: Added.
+        * http/tests/security/referrer-policy-no-referrer.html: Added.
+
 2014-10-12  Dhi Aurrahman  <[email protected]>
 
         Support activation behavior of link element

Added: trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt (0 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt	2014-10-12 12:55:45 UTC (rev 174640)
@@ -0,0 +1,10 @@
+This test checks the default referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is empty
+Referrer is empty
+

Added: trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt (0 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt	2014-10-12 12:55:45 UTC (rev 174640)
@@ -0,0 +1,10 @@
+This test checks the default referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is empty.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is empty
+Referrer is empty
+

Added: trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html (0 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html	2014-10-12 12:55:45 UTC (rev 174640)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpChildFramesAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the default referrer policy when navigating from a secure URL
+to an insecure URL. The test passes if the printed referrer is empty.
+</p>
+<iframe src=""
+</body>
+</html>

Added: trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html (0 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html	2014-10-12 12:55:45 UTC (rev 174640)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpChildFramesAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the default referrer policy when navigating from a secure URL
+to an insecure URL. The test passes if the printed referrer is empty.
+</p>
+<iframe src=""
+</body>
+</html>

Added: trunk/LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt (0 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt	2014-10-12 12:55:45 UTC (rev 174640)
@@ -0,0 +1,10 @@
+This test checks the always referrer policy when navigating from a secure URL to an insecure URL. The test passes if the printed referrer is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?unsafe-url
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?unsafe-url
+Referrer is https://127.0.0.1:8443/security/resources/referrer-policy-start.html?unsafe-url
+

Added: trunk/LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html (0 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html	2014-10-12 12:55:45 UTC (rev 174640)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpChildFramesAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the always referrer policy when navigating from a secure URL
+to an insecure URL. The test passes if the printed referrer is
+https://127.0.0.1:8443/security/resources/referrer-policy-start.html?unsafe-url
+</p>
+<iframe src=""
+</body>
+</html>

Modified: trunk/LayoutTests/http/tests/security/referrer-policy-invalid-expected.txt (174639 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-invalid-expected.txt	2014-10-12 09:32:10 UTC (rev 174639)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-invalid-expected.txt	2014-10-12 12:55:45 UTC (rev 174640)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: Failed to set referrer policy: The value 'invalid' is not one of 'always', 'default', 'never', or 'origin'. Defaulting to 'never'.
+CONSOLE MESSAGE: Failed to set referrer policy: The value 'invalid' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'.
 This test checks an invalid referrer policy when navigating from an insecure URL to another insecure URL. The test passes if the printed referrer is empty.

Added: trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer-expected.txt (0 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer-expected.txt	2014-10-12 12:55:45 UTC (rev 174640)
@@ -0,0 +1,10 @@
+This test checks the never referrer policy when navigating from an insecure URL to another insecure URL. The test passes if the printed referrer is empty.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is empty
+Referrer is empty
+

Added: trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer-when-downgrade-expected.txt (0 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer-when-downgrade-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer-when-downgrade-expected.txt	2014-10-12 12:55:45 UTC (rev 174640)
@@ -0,0 +1,10 @@
+This test checks the default referrer policy when navigating from an insecure URL to another insecure URL. The test passes if the printed referrer is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?no-referrer-when-downgrade
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+HTTP Referer header is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?no-referrer-when-downgrade
+Referrer is http://127.0.0.1:8000/security/resources/referrer-policy-start.html?no-referrer-when-downgrade
+

Added: trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer-when-downgrade.html (0 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer-when-downgrade.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer-when-downgrade.html	2014-10-12 12:55:45 UTC (rev 174640)
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpChildFramesAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the default referrer policy when navigating from an insecure
+URL to another insecure URL. The test passes if the printed referrer is
+http://127.0.0.1:8000/security/resources/referrer-policy-start.html?no-referrer-when-downgrade
+</p>
+<iframe src=""
+</body>
+</html>

Added: trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer.html (0 => 174640)


--- trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/referrer-policy-no-referrer.html	2014-10-12 12:55:45 UTC (rev 174640)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.dumpChildFramesAsText();
+    testRunner.waitUntilDone();
+}
+</script>
+</head>
+<body>
+<p>
+This test checks the never referrer policy when navigating from an insecure
+URL to another insecure URL. The test passes if the printed referrer is empty.
+</p>
+<iframe src=""
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (174639 => 174640)


--- trunk/Source/WebCore/ChangeLog	2014-10-12 09:32:10 UTC (rev 174639)
+++ trunk/Source/WebCore/ChangeLog	2014-10-12 12:55:45 UTC (rev 174640)
@@ -1,3 +1,30 @@
+2014-10-12  Mike West  <[email protected]>
+
+        Referrer Policy: Update <meta name="referrer"> values to match the spec
+        https://bugs.webkit.org/show_bug.cgi?id=137635
+
+        Reviewed by Jochen Eisinger.
+
+        The Referrer Policy specification ([Working Draft][WD], [Editor's
+        draft[ED]) defines different keywords than we originally
+        implemented. We should support them in the interests of clarity and
+        interoperability with other browsers implementing the specification.
+
+        [WD]: http://www.w3.org/TR/referrer-policy/#referrer-policy-delivery-meta
+        [ED]: http://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-delivery-meta
+
+        This patch is a port of Blink's https://codereview.chromium.org/607433002/
+
+        Tests: http/tests/security/referrer-policy-conflicting-policies.html
+               http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
+               http/tests/security/referrer-policy-https-no-referrer.html
+               http/tests/security/referrer-policy-https-unsafe-url.html
+               http/tests/security/referrer-policy-no-referrer-when-downgrade.html
+               http/tests/security/referrer-policy-no-referrer.html
+
+        * dom/Document.cpp:
+        (WebCore::Document::processReferrerPolicy):
+
 2014-10-12  Dhi Aurrahman  <[email protected]>
 
         Support activation behavior of link element

Modified: trunk/Source/WebCore/dom/Document.cpp (174639 => 174640)


--- trunk/Source/WebCore/dom/Document.cpp	2014-10-12 09:32:10 UTC (rev 174639)
+++ trunk/Source/WebCore/dom/Document.cpp	2014-10-12 12:55:45 UTC (rev 174640)
@@ -3042,17 +3042,19 @@
 {
     ASSERT(!policy.isNull());
 
-    if (equalIgnoringCase(policy, "never"))
-        m_referrerPolicy = ReferrerPolicyNever;
-    else if (equalIgnoringCase(policy, "always"))
-        m_referrerPolicy = ReferrerPolicyAlways;
+    // Note that we're supporting both the standard and legacy keywords for referrer
+    // policies, as defined by http://www.w3.org/TR/referrer-policy/#referrer-policy-delivery-meta
+    if (equalIgnoringCase(policy, "no-referrer") || equalIgnoringCase(policy, "never"))
+        setReferrerPolicy(ReferrerPolicyNever);
+    else if (equalIgnoringCase(policy, "unsafe-url") || equalIgnoringCase(policy, "always"))
+        setReferrerPolicy(ReferrerPolicyAlways);
     else if (equalIgnoringCase(policy, "origin"))
-        m_referrerPolicy = ReferrerPolicyOrigin;
-    else if (equalIgnoringCase(policy, "default"))
-        m_referrerPolicy = ReferrerPolicyDefault;
+        setReferrerPolicy(ReferrerPolicyOrigin);
+    else if (equalIgnoringCase(policy, "no-referrer-when-downgrade") || equalIgnoringCase(policy, "default"))
+        setReferrerPolicy(ReferrerPolicyDefault);
     else {
-        addConsoleMessage(MessageSource::Rendering, MessageLevel::Error, "Failed to set referrer policy: The value '" + policy + "' is not one of 'always', 'default', 'never', or 'origin'. Defaulting to 'never'.");
-        m_referrerPolicy = ReferrerPolicyNever;
+        addConsoleMessage(MessageSource::Rendering, MessageLevel::Error, "Failed to set referrer policy: The value '" + policy + "' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'.");
+        setReferrerPolicy(ReferrerPolicyNever);
     }
 }
 

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to