Chromium Code Reviews Chromium Code Reviews
Issue 714813003:
Referrer Policy: Add new policies to URLRequest. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/url_request/url_request_unittest.cc |
| diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc |
| index 1d777dc50b9068f9e455b6d93e5dde4269161b57..c27422a87e1ad832055778cc20c2436b6027d5e8 100644 |
| --- a/net/url_request/url_request_unittest.cc |
| +++ b/net/url_request/url_request_unittest.cc |
| @@ -2827,6 +2827,59 @@ class URLRequestTestHTTP : public URLRequestTest { |
| return &test_server_; |
| } |
| + void VerifyReferrerPolicyAfterRedirect(URLRequest::ReferrerPolicy policy, |
| + SpawnedTestServer::Type origin, |
| + SpawnedTestServer::Type destination, |
| + const std::string& referrer, |
| + const std::string& expected) { |
| + // Spin up the servers. |
| + SpawnedTestServer https_test_server( |
| + SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::kLocalhost, |
| + base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| + ASSERT_TRUE(https_test_server.Start()); |
| + ASSERT_TRUE(test_server_.Start()); |
|
mmenke
2014/11/19 16:29:03
All the server starting and stopping, particularly
Mike West
2014/11/20 10:45:30
That seems reasonable. It still requires us to spi
mmenke
2014/11/20 16:23:45
Starting two servers per test is much less likely
|
| + |
| + // Create and execute the request. |
| + GURL destination_url = destination == SpawnedTestServer::TYPE_HTTP |
| + ? test_server_.GetURL(std::string()) |
| + : https_test_server.GetURL(std::string()); |
| + GURL origin_url = |
| + origin == SpawnedTestServer::TYPE_HTTP |
| + ? test_server_.GetURL("server-redirect?" + destination_url.spec()) |
| + : https_test_server.GetURL("server-redirect?" + |
| + destination_url.spec()); |
| + |
| + std::string original_referrer = referrer; |
| + ReplaceFirstSubstringAfterOffset(&original_referrer, 0, "[HTTP_ORIGIN]", |
| + test_server_.GetURL(std::string()).spec()); |
| + ReplaceFirstSubstringAfterOffset( |
| + &original_referrer, 0, "[HTTPS_ORIGIN]", |
| + https_test_server.GetURL(std::string()).spec()); |
| + |
| + std::string expected_referrer = expected; |
| + ReplaceFirstSubstringAfterOffset(&expected_referrer, 0, "[HTTP_ORIGIN]", |
| + test_server_.GetURL(std::string()).spec()); |
| + ReplaceFirstSubstringAfterOffset( |
| + &expected_referrer, 0, "[HTTPS_ORIGIN]", |
| + https_test_server.GetURL(std::string()).spec()); |
| + |
| + TestDelegate d; |
| + scoped_ptr<URLRequest> req( |
| + default_context_.CreateRequest(origin_url, DEFAULT_PRIORITY, &d, NULL)); |
| + req->set_referrer_policy(policy); |
| + req->SetReferrer(original_referrer); |
| + req->Start(); |
| + base::RunLoop().Run(); |
| + |
| + EXPECT_EQ(1, d.response_started_count()); |
| + EXPECT_EQ(1, d.received_redirect_count()); |
| + EXPECT_EQ(destination_url, req->url()); |
| + EXPECT_EQ(expected_referrer, req->referrer()); |
| + |
| + ASSERT_TRUE(test_server_.Stop()); |
| + ASSERT_TRUE(https_test_server.Stop()); |
| + } |
| + |
| protected: |
| LocalHttpTestServer test_server_; |
| }; |
| @@ -3913,30 +3966,98 @@ TEST_F(URLRequestTestHTTP, GetZippedTest) { |
| } |
| } |
| -TEST_F(URLRequestTestHTTP, HTTPSToHTTPRedirectNoRefererTest) { |
| - ASSERT_TRUE(test_server_.Start()); |
| +TEST_F(URLRequestTestHTTP, ReferrerPolicyClearRefererOnTransition) { |
|
mmenke
2014/11/19 16:29:04
It's unexciting, but for completeness, should test
|
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE, |
| + SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::TYPE_HTTPS, |
| + "https://www.referrer.com/path/to/file.html", |
| + "https://www.referrer.com/path/to/file.html"); |
| - SpawnedTestServer https_test_server( |
| - SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::kLocalhost, |
| - base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| - ASSERT_TRUE(https_test_server.Start()); |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE, |
| + SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::TYPE_HTTP, |
| + "https://www.referrer.com/path/to/file.html", ""); |
| - // An https server is sent a request with an https referer, |
| - // and responds with a redirect to an http url. The http |
| - // server should not be sent the referer. |
| - GURL http_destination = test_server_.GetURL(std::string()); |
| - TestDelegate d; |
| - scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| - https_test_server.GetURL("server-redirect?" + http_destination.spec()), |
| - DEFAULT_PRIORITY, &d, NULL)); |
| - req->SetReferrer("https://www.referrer.com/"); |
| - req->Start(); |
| - base::RunLoop().Run(); |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE, |
| + SpawnedTestServer::TYPE_HTTP, SpawnedTestServer::TYPE_HTTPS, |
| + "http://www.referrer.com/path/to/file.html", |
| + "http://www.referrer.com/path/to/file.html"); |
| - EXPECT_EQ(1, d.response_started_count()); |
| - EXPECT_EQ(1, d.received_redirect_count()); |
| - EXPECT_EQ(http_destination, req->url()); |
| - EXPECT_EQ(std::string(), req->referrer()); |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE, |
| + SpawnedTestServer::TYPE_HTTP, SpawnedTestServer::TYPE_HTTP, |
| + "http://www.referrer.com/path/to/file.html", |
| + "http://www.referrer.com/path/to/file.html"); |
| +} |
| + |
| +TEST_F(URLRequestTestHTTP, ReferrerPolicyNeverClearReferer) { |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::NEVER_CLEAR_REFERRER, SpawnedTestServer::TYPE_HTTPS, |
| + SpawnedTestServer::TYPE_HTTPS, |
| + "https://www.referrer.com/path/to/file.html", |
| + "https://www.referrer.com/path/to/file.html"); |
| + |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::NEVER_CLEAR_REFERRER, SpawnedTestServer::TYPE_HTTPS, |
| + SpawnedTestServer::TYPE_HTTP, |
| + "https://www.referrer.com/path/to/file.html", |
| + "https://www.referrer.com/path/to/file.html"); |
| + |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::NEVER_CLEAR_REFERRER, SpawnedTestServer::TYPE_HTTP, |
| + SpawnedTestServer::TYPE_HTTPS, |
| + "http://www.referrer.com/path/to/file.html", |
| + "http://www.referrer.com/path/to/file.html"); |
| + |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::NEVER_CLEAR_REFERRER, SpawnedTestServer::TYPE_HTTP, |
| + SpawnedTestServer::TYPE_HTTP, "http://www.referrer.com/path/to/file.html", |
| + "http://www.referrer.com/path/to/file.html"); |
| +} |
| + |
| +TEST_F(URLRequestTestHTTP, ReferrerPolicyReduceReferrerGranularity) { |
|
mmenke
2014/11/19 16:29:03
We actually have 6 cases for all these tests, not
|
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, |
| + SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::TYPE_HTTPS, |
| + "[HTTPS_ORIGIN]path/to/file.html", "[HTTPS_ORIGIN]path/to/file.html"); |
| + |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, |
| + SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::TYPE_HTTP, |
| + "[HTTPS_ORIGIN]path/to/file.html", ""); |
| + |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, |
| + SpawnedTestServer::TYPE_HTTP, SpawnedTestServer::TYPE_HTTPS, |
| + "[HTTP_ORIGIN]path/to/file.html", "[HTTP_ORIGIN]"); |
| + |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::REDUCE_REFERRER_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, |
| + SpawnedTestServer::TYPE_HTTP, SpawnedTestServer::TYPE_HTTP, |
| + "[HTTP_ORIGIN]path/to/file.html", "[HTTP_ORIGIN]path/to/file.html"); |
| +} |
| + |
| +TEST_F(URLRequestTestHTTP, ReferrerPolicyOriginOnly) { |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, |
| + SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::TYPE_HTTPS, |
| + "[HTTPS_ORIGIN]path/to/file.html", "[HTTPS_ORIGIN]path/to/file.html"); |
|
mmenke
2014/11/19 16:29:03
Shouldn't we test HTTPS cross origin, too, where w
Mike West
2014/11/20 10:45:30
Added cross-origin HTTPS tests.
|
| + |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, |
| + SpawnedTestServer::TYPE_HTTPS, SpawnedTestServer::TYPE_HTTP, |
| + "[HTTPS_ORIGIN]path/to/file.html", "[HTTPS_ORIGIN]"); |
|
mmenke
2014/11/19 16:29:04
I thought we should clear the referrer in this cas
Mike West
2014/11/20 10:45:30
No, we clear it for "REDUCED_WHATEVER_...", but "O
|
| + |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, |
| + SpawnedTestServer::TYPE_HTTP, SpawnedTestServer::TYPE_HTTPS, |
| + "[HTTP_ORIGIN]path/to/file.html", "[HTTP_ORIGIN]"); |
| + |
| + VerifyReferrerPolicyAfterRedirect( |
| + URLRequest::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, |
| + SpawnedTestServer::TYPE_HTTP, SpawnedTestServer::TYPE_HTTP, |
| + "[HTTP_ORIGIN]path/to/file.html", "[HTTP_ORIGIN]path/to/file.html"); |
| } |
| TEST_F(URLRequestTestHTTP, RedirectLoadTiming) { |
