Diff
Modified: trunk/LayoutTests/ChangeLog (194127 => 194128)
--- trunk/LayoutTests/ChangeLog 2015-12-16 01:05:15 UTC (rev 194127)
+++ trunk/LayoutTests/ChangeLog 2015-12-16 01:11:45 UTC (rev 194128)
@@ -1,3 +1,33 @@
+2015-12-15 Jiewen Tan <[email protected]>
+
+ Verify that Referer Policy within Content-Disposition:attachment sandbox is always ReferrerPolicyNever
+ https://bugs.webkit.org/show_bug.cgi?id=152260
+ <rdar://problem/23884579>
+
+ Reviewed by Andy Estes.
+
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-expected.txt: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-always-expected.txt: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-always.html: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-default-expected.txt: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-default.html: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-never-expected.txt: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-never.html: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-expected.txt: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-when-downgrade-expected.txt: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-when-downgrade.html: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer.html: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-origin-expected.txt: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-origin.html: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-unsafe-url-expected.txt: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-unsafe-url.html: Added.
+ * http/tests/contentdispositionattachmentsandbox/referer-header-stripped.html: Added.
+ * http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped-frame.php: Added.
+ * http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped.js: Added.
+ * http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php: Removed.
+ * http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt: Removed.
+ * http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html: Removed.
+
2015-12-15 Timothy Horton <[email protected]>
Rebaseline some page overlay tests for WK1
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-expected.txt (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-expected.txt 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,8 @@
+This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-always-expected.txt (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-always-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-always-expected.txt 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,8 @@
+This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-always.html (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-always.html (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-always.html 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script src=""
+<p>This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
+<iframe src="" _onload_="navigation()"></iframe>
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-default-expected.txt (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-default-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-default-expected.txt 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,8 @@
+This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-default.html (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-default.html (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-default.html 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script src=""
+<p>This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
+<iframe src="" _onload_="navigation()"></iframe>
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-never-expected.txt (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-never-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-never-expected.txt 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,8 @@
+This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-never.html (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-never.html (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-never.html 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script src=""
+<p>This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
+<iframe src="" _onload_="navigation()"></iframe>
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-expected.txt (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-expected.txt 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,8 @@
+This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-when-downgrade-expected.txt (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-when-downgrade-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-when-downgrade-expected.txt 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,8 @@
+This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-when-downgrade.html (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-when-downgrade.html (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer-when-downgrade.html 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script src=""
+<p>This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
+<iframe src="" _onload_="navigation()"></iframe>
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer.html (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer.html (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-no-referrer.html 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script src=""
+<p>This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
+<iframe src="" _onload_="navigation()"></iframe>
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-origin-expected.txt (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-origin-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-origin-expected.txt 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,8 @@
+This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-origin.html (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-origin.html (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-origin.html 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script src=""
+<p>This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
+<iframe src="" _onload_="navigation()"></iframe>
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-unsafe-url-expected.txt (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-unsafe-url-expected.txt (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-unsafe-url-expected.txt 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,8 @@
+This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
+
+
+
+--------
+Frame: '<!--framePath //<!--frame0-->-->'
+--------
+
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-unsafe-url.html (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-unsafe-url.html (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped-with-meta-referer-unsafe-url.html 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script src=""
+<p>This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
+<iframe src="" _onload_="navigation()"></iframe>
\ No newline at end of file
Added: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped.html (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped.html (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/referer-header-stripped.html 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,4 @@
+<!DOCTYPE html>
+<script src=""
+<p>This test verifies that a link redirected by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
+<iframe src="" _onload_="navigation()"></iframe>
Copied: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped-frame.php (from rev 194127, trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php) (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped-frame.php (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped-frame.php 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,16 @@
+<?php
+header("Content-Disposition: attachment; filename=test.html");
+header("Content-Type: text/html");
+?>
+<!DOCTYPE html>
+<head>
+<?php if (isset($_GET['referrer'])) print("<meta name=\"referrer\" content=\"" . $_GET['referrer'] . "\">\n"); ?>
+<style>
+a {
+ display: block;
+ width: 100vw;
+ height: 100vh;
+}
+</style>
+</head>
+<a href="" to echo-http-referer.php</a>
\ No newline at end of file
Copied: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped.js (from rev 194127, trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html) (0 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped.js (rev 0)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/referer-header-stripped.js 2015-12-16 01:11:45 UTC (rev 194128)
@@ -0,0 +1,26 @@
+if (window.internals)
+ internals.settings.setContentDispositionAttachmentSandboxEnabled(true);
+
+if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.dumpChildFramesAsText();
+ testRunner.waitUntilDone();
+}
+
+function navigation() {
+ // Due to the sandbox, it's not possible to run script in the iframe or even access its contentDocument.
+ var element = document.getElementsByTagName("iframe")[0];
+ var x = element.offsetLeft + 10;
+ var y = element.offsetTop + 10;
+
+ if (window.testRunner) {
+ if (window.eventSender) {
+ eventSender.mouseMoveTo(x, y);
+ eventSender.mouseDown();
+ eventSender.mouseUp();
+ }
+
+ if (testRunner.runUIScript)
+ testRunner.runUIScript("(function() { uiController.singleTapAtPoint(" + x + ", " + y + "); })()");
+ }
+}
\ No newline at end of file
Deleted: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php (194127 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php 2015-12-16 01:05:15 UTC (rev 194127)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/resources/subresource-request-not-include-referer-header-frame.php 2015-12-16 01:11:45 UTC (rev 194128)
@@ -1,14 +0,0 @@
-<?php
-header("Content-Disposition: attachment; filename=test.html");
-header("Content-Type: text/html");
-?>
-<!DOCTYPE html>
-<style>
-a {
- display: block;
- width: 100vw;
- height: 100vh;
-}
-
-</style>
-<a href="" to echo-http-referer.php</a>
\ No newline at end of file
Deleted: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt (194127 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt 2015-12-16 01:05:15 UTC (rev 194127)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header-expected.txt 2015-12-16 01:11:45 UTC (rev 194128)
@@ -1,8 +0,0 @@
-This test verifies that a subresource loaded by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.
-
-
-
---------
-Frame: 'iframe'
---------
-
Deleted: trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html (194127 => 194128)
--- trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html 2015-12-16 01:05:15 UTC (rev 194127)
+++ trunk/LayoutTests/http/tests/contentdispositionattachmentsandbox/subresource-request-not-include-referer-header.html 2015-12-16 01:11:45 UTC (rev 194128)
@@ -1,31 +0,0 @@
-<!DOCTYPE html>
-<script>
-if (window.internals)
- internals.settings.setContentDispositionAttachmentSandboxEnabled(true);
-
-if (window.testRunner) {
- testRunner.dumpAsText();
- testRunner.dumpChildFramesAsText();
- testRunner.waitUntilDone();
-}
-
-function navigation() {
- // Due to the sandbox, it's not possible to run script in the iframe or even access its contentDocument.
- var element = document.getElementById('iframe');
- var x = element.offsetLeft + 10;
- var y = element.offsetTop + 10;
-
- if (window.testRunner) {
- if (window.eventSender) {
- eventSender.mouseMoveTo(x, y);
- eventSender.mouseDown();
- eventSender.mouseUp();
- }
-
- if (testRunner.runUIScript)
- testRunner.runUIScript("(function() { uiController.singleTapAtPoint(" + x + ", " + y + "); })()");
- }
-}
-</script>
-<p>This test verifies that a subresource loaded by a document which is loaded with Content-Disposition:attachment will not have http referer. Tess passes if no referer is printed.</p>
-<iframe id='iframe' src="" _onload_="navigation()"></iframe>
