Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(176)

Side by Side Diff: net/url_request/url_request_job_unittest.cc

Issue 2100583002: Apply Referrer-Policy header when following redirects (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: turn on in layout tests and add layout test Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/url_request/url_request_job.h" 5 #include "net/url_request/url_request_job.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include "base/run_loop.h" 9 #include "base/run_loop.h"
10 #include "net/base/request_priority.h" 10 #include "net/base/request_priority.h"
11 #include "net/http/http_transaction_test_util.h" 11 #include "net/http/http_transaction_test_util.h"
12 #include "net/test/cert_test_util.h"
13 #include "net/test/test_data_directory.h"
12 #include "net/url_request/url_request.h" 14 #include "net/url_request/url_request.h"
13 #include "net/url_request/url_request_test_util.h" 15 #include "net/url_request/url_request_test_util.h"
14 #include "testing/gtest/include/gtest/gtest.h" 16 #include "testing/gtest/include/gtest/gtest.h"
15 17
16 namespace net { 18 namespace net {
17 19
18 namespace { 20 namespace {
19 21
20 // Data encoded in kBrotliHelloData. 22 // Data encoded in kBrotliHelloData.
21 const char kBrotliDecodedHelloData[] = "hello, world!\n"; 23 const char kBrotliDecodedHelloData[] = "hello, world!\n";
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
54 response_data->insert(10, 64 * 1024, 'a'); 56 response_data->insert(10, 64 * 1024, 'a');
55 } 57 }
56 58
57 void BrotliHelloServer(const HttpRequestInfo* request, 59 void BrotliHelloServer(const HttpRequestInfo* request,
58 std::string* response_status, 60 std::string* response_status,
59 std::string* response_headers, 61 std::string* response_headers,
60 std::string* response_data) { 62 std::string* response_data) {
61 response_data->assign(kBrotliHelloData, sizeof(kBrotliHelloData) - 1); 63 response_data->assign(kBrotliHelloData, sizeof(kBrotliHelloData) - 1);
62 } 64 }
63 65
66 void MakeMockReferrerPolicyTransaction(const char* original_url,
67 const char* referer_header,
68 const char* response_headers,
69 MockTransaction* transaction) {
70 transaction->url = original_url;
71 transaction->method = "GET";
72 transaction->request_time = base::Time();
73 transaction->request_headers = referer_header;
74 transaction->load_flags = LOAD_NORMAL;
75 transaction->status = "HTTP/1.1 302 Found";
76 transaction->response_headers = response_headers;
77 transaction->response_time = base::Time();
78 transaction->data = "hello";
79 transaction->test_mode = TEST_MODE_NORMAL;
80 transaction->handler = nullptr;
81 if (GURL(original_url).SchemeIsCryptographic()) {
82 transaction->cert =
83 net::ImportCertFromFile(net::GetTestCertsDirectory(), "ok_cert.pem");
84 } else {
85 transaction->cert = nullptr;
86 }
87 transaction->cert_status = 0;
88 transaction->ssl_connection_status = 0;
89 transaction->return_code = OK;
90 }
91
64 const MockTransaction kGZip_Transaction = { 92 const MockTransaction kGZip_Transaction = {
65 "http://www.google.com/gzyp", 93 "http://www.google.com/gzyp",
66 "GET", 94 "GET",
67 base::Time(), 95 base::Time(),
68 "", 96 "",
69 LOAD_NORMAL, 97 LOAD_NORMAL,
70 "HTTP/1.1 200 OK", 98 "HTTP/1.1 200 OK",
71 "Cache-Control: max-age=10000\n" 99 "Cache-Control: max-age=10000\n"
72 "Content-Encoding: gzip\n" 100 "Content-Encoding: gzip\n"
73 "Content-Length: 30\n", // Intentionally wrong. 101 "Content-Length: 30\n", // Intentionally wrong.
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after
226 req->set_method("GET"); 254 req->set_method("GET");
227 req->Start(); 255 req->Start();
228 256
229 base::RunLoop().Run(); 257 base::RunLoop().Run();
230 258
231 EXPECT_TRUE(network_layer.done_reading_called()); 259 EXPECT_TRUE(network_layer.done_reading_called());
232 260
233 RemoveMockTransaction(&kRedirect_Transaction); 261 RemoveMockTransaction(&kRedirect_Transaction);
234 } 262 }
235 263
264 TEST(URLRequestJob, RedirectTransactionWithReferrerPolicyHeader) {
265 struct TestCase {
266 const char* original_url;
267 const char* original_referrer;
268 const char* response_headers;
269 URLRequest::ReferrerPolicy original_referrer_policy;
270 URLRequest::ReferrerPolicy expected_final_referrer_policy;
271 const char* expected_final_referrer;
272 };
273
274 const TestCase kTests[] = {
275 // If a redirect serves 'Referrer-Policy: no-referrer', then the referrer
276 // should be cleared.
277 {"http://foo.test/one" /* original url */,
278 "http://foo.test/one" /* original referrer */,
279 "Location: http://foo.test/test\n"
280 "Referrer-Policy: no-referrer\n",
281 // original policy
282 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
283 URLRequest::NO_REFERRER /* expected final policy */,
284 "" /* expected final referrer */},
285
286 // Same as above but for the legacy keyword 'never'.
287 {"http://foo.test/one" /* original url */,
288 "http://foo.test/one" /* original referrer */,
289 "Location: http://foo.test/test\nReferrer-Policy: never\n",
290 // original policy
291 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
292 URLRequest::NO_REFERRER /* expected final policy */,
293 "" /* expected final referrer */},
294
295 // If a redirect serves 'Referrer-Policy:
296 // no-referrer-when-downgrade', then the referrer should be cleared
297 // on downgrade, even if the original request's policy specified
298 // that the referrer should never be cleared.
299 {"https://foo.test/one" /* original url */,
300 "https://foo.test/one" /* original referrer */,
301 "Location: http://foo.test\n"
302 "Referrer-Policy: no-referrer-when-downgrade\n",
303 URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
304 // expected final policy
305 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
306 "" /* expected final referrer */},
307
308 // Same as above but for the legacy keyword 'default'.
309 {"https://foo.test/one" /* original url */,
310 "https://foo.test/one" /* original referrer */,
311 "Location: http://foo.test\n"
312 "Referrer-Policy: default\n",
313 URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
314 // expected final policy
315 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
316 "" /* expected final referrer */},
317
318 // If a redirect serves 'Referrer-Policy: origin', then the referrer
319 // should be stripped to its origin, even if the original request's
320 // policy specified that the referrer should never be cleared.
321 {"https://foo.test/one" /* original url */,
322 "https://foo.test/one" /* original referrer */,
323 "Location: https://foo.test/two\n"
324 "Referrer-Policy: origin\n",
325 URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
326 URLRequest::ORIGIN /* expected final policy */,
327 "https://foo.test/" /* expected final referrer */},
328
329 // If a redirect serves 'Referrer-Policy: origin-when-cross-origin',
330 // then the referrer should be untouched for a same-origin redirect...
331 {"https://foo.test/one" /* original url */,
332 "https://foo.test/referrer" /* original referrer */,
333 "Location: https://foo.test/two\n"
334 "Referrer-Policy: origin-when-cross-origin\n",
335 URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
336 URLRequest::
337 ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
338 "https://foo.test/referrer" /* expected final referrer */},
339
340 // ... but should be stripped to the origin for a cross-origin redirect.
341 {"https://foo.test/one" /* original url */,
342 "https://foo.test/one" /* original referrer */,
343 "Location: https://bar.test/two\n"
344 "Referrer-Policy: origin-when-cross-origin\n",
345 URLRequest::NEVER_CLEAR_REFERRER /* original policy */,
346 URLRequest::
347 ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
348 "https://foo.test/" /* expected final referrer */},
349
350 // If a redirect serves 'Referrer-Policy: unsafe-url', then the
351 // referrer should remain, even if originally set to clear on
352 // downgrade.
353 {"https://foo.test/one" /* original url */,
354 "https://foo.test/one" /* original referrer */,
355 "Location: https://bar.test/two\n"
356 "Referrer-Policy: unsafe-url\n",
357 URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
358 URLRequest::NEVER_CLEAR_REFERRER /* expected final policy */,
359 "https://foo.test/one" /* expected final referrer */},
360
361 // Same as above but for the legacy keyword 'always'.
362 {"https://foo.test/one" /* original url */,
363 "https://foo.test/one" /* original referrer */,
364 "Location: https://bar.test/two\n"
365 "Referrer-Policy: always\n",
366 URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
367 URLRequest::NEVER_CLEAR_REFERRER /* expected final policy */,
368 "https://foo.test/one" /* expected final referrer */},
369
370 // An invalid keyword should leave the policy untouched.
371 {"https://foo.test/one" /* original url */,
372 "https://foo.test/one" /* original referrer */,
373 "Location: https://bar.test/two\n"
374 "Referrer-Policy: not-a-valid-policy\n",
375 URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
376 URLRequest::
377 ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
378 "https://foo.test/" /* expected final referrer */},
379
380 {"https://foo.test/one" /* original url */,
381 "https://foo.test/one" /* original referrer */,
382 "Location: http://bar.test/two\n"
383 "Referrer-Policy: not-a-valid-policy\n",
384 // original policy
385 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
386 // expected final policy
387 URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
388 "" /* expected final referrer */},
389
390 // The last valid keyword should take precedence.
391 {"https://foo.test/one" /* original url */,
392 "https://foo.test/one" /* original referrer */,
393 "Location: https://bar.test/two\n"
394 "Referrer-Policy: unsafe-url\n"
395 "Referrer-Policy: not-a-valid-policy\n",
396 URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
397 URLRequest::NEVER_CLEAR_REFERRER /* expected final policy */,
398 "https://foo.test/one" /* expected final referrer */},
399
400 {"https://foo.test/one" /* original url */,
401 "https://foo.test/one" /* original referrer */,
402 "Location: https://bar.test/two\n"
403 "Referrer-Policy: unsafe-url\n"
404 "Referrer-Policy: origin\n",
405 URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
406 URLRequest::ORIGIN /* expected final policy */,
407 "https://foo.test/" /* expected final referrer */},
408
409 // An empty header should not affect the request.
410 {"https://foo.test/one" /* original url */,
411 "https://foo.test/one" /* original referrer */,
412 "Location: https://bar.test/two\n"
413 "Referrer-Policy: \n",
414 URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* original policy */,
415 URLRequest::
416 ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN /* expected final policy */,
417 "https://foo.test/" /* expected final referrer */},
418 };
419
420 for (const auto& test : kTests) {
421 MockTransaction transaction;
422 std::string request_headers =
423 "Referer: " + std::string(test.original_referrer) + "\n";
424 MakeMockReferrerPolicyTransaction(test.original_url,
425 request_headers.c_str(),
426 test.response_headers, &transaction);
427
428 MockNetworkLayer network_layer;
429 TestURLRequestContext context;
430 context.set_enable_referrer_policy_header(true);
431 context.set_http_transaction_factory(&network_layer);
432
433 TestDelegate d;
434 std::unique_ptr<URLRequest> req(
435 context.CreateRequest(GURL(transaction.url), DEFAULT_PRIORITY, &d));
436 AddMockTransaction(&transaction);
437
438 req->set_referrer_policy(test.original_referrer_policy);
439 req->SetReferrer(test.original_referrer);
440
441 req->set_method("GET");
442 req->Start();
443
444 base::RunLoop().Run();
445
446 EXPECT_TRUE(network_layer.done_reading_called());
447
448 RemoveMockTransaction(&transaction);
449
450 // Test that the referrer policy and referrer were set correctly
451 // according to the header received during the redirect.
452 EXPECT_EQ(test.expected_final_referrer_policy, req->referrer_policy());
453 EXPECT_EQ(test.expected_final_referrer, req->referrer());
454 }
455 }
456
236 TEST(URLRequestJob, TransactionNotCachedWhenNetworkDelegateRedirects) { 457 TEST(URLRequestJob, TransactionNotCachedWhenNetworkDelegateRedirects) {
237 MockNetworkLayer network_layer; 458 MockNetworkLayer network_layer;
238 TestNetworkDelegate network_delegate; 459 TestNetworkDelegate network_delegate;
239 network_delegate.set_redirect_on_headers_received_url(GURL("http://foo")); 460 network_delegate.set_redirect_on_headers_received_url(GURL("http://foo"));
240 TestURLRequestContext context; 461 TestURLRequestContext context;
241 context.set_http_transaction_factory(&network_layer); 462 context.set_http_transaction_factory(&network_layer);
242 context.set_network_delegate(&network_delegate); 463 context.set_network_delegate(&network_delegate);
243 464
244 TestDelegate d; 465 TestDelegate d;
245 std::unique_ptr<URLRequest> req( 466 std::unique_ptr<URLRequest> req(
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after
351 572
352 EXPECT_FALSE(d.request_failed()); 573 EXPECT_FALSE(d.request_failed());
353 EXPECT_EQ(200, req->GetResponseCode()); 574 EXPECT_EQ(200, req->GetResponseCode());
354 EXPECT_EQ(kBrotliDecodedHelloData, d.data_received()); 575 EXPECT_EQ(kBrotliDecodedHelloData, d.data_received());
355 EXPECT_TRUE(network_layer.done_reading_called()); 576 EXPECT_TRUE(network_layer.done_reading_called());
356 577
357 RemoveMockTransaction(&kBrotli_Slow_Transaction); 578 RemoveMockTransaction(&kBrotli_Slow_Transaction);
358 } 579 }
359 580
360 } // namespace net 581 } // namespace net
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698