michael@0: var ios = Cc["@mozilla.org/network/io-service;1"]. michael@0: getService(Ci.nsIIOService); michael@0: michael@0: function getTestReferrer(server_uri, referer_uri) { michael@0: var chan = ios.newChannel(server_uri, "", null); michael@0: chan.QueryInterface(Components.interfaces.nsIHttpChannel); michael@0: chan.referrer = ios.newURI(referer_uri, null, null); michael@0: var header = null; michael@0: try { michael@0: header = chan.getRequestHeader("Referer"); michael@0: } michael@0: catch (NS_ERROR_NOT_AVAILABLE) {} michael@0: return header; michael@0: } michael@0: michael@0: function run_test() { michael@0: var prefs = Cc["@mozilla.org/preferences-service;1"] michael@0: .getService(Components.interfaces.nsIPrefBranch); michael@0: michael@0: var server_uri = "http://bar.examplesite.com/path2"; michael@0: var server_uri_2 = "http://bar.example.com/anotherpath"; michael@0: var referer_uri = "http://foo.example.com/path"; michael@0: var referer_uri_2 = "http://bar.examplesite.com/path3?q=blah"; michael@0: var referer_uri_2_anchor = "http://bar.examplesite.com/path3?q=blah#anchor"; michael@0: michael@0: // for https tests michael@0: var server_uri_https = "https://bar.example.com/anotherpath"; michael@0: var referer_uri_https = "https://bar.example.com/path3?q=blah"; michael@0: michael@0: // tests for sendRefererHeader michael@0: prefs.setIntPref("network.http.sendRefererHeader", 0); michael@0: do_check_null(getTestReferrer(server_uri, referer_uri)); michael@0: prefs.setIntPref("network.http.sendRefererHeader", 2); michael@0: do_check_eq(getTestReferrer(server_uri, referer_uri), referer_uri); michael@0: michael@0: // test that https ref is not sent to http michael@0: do_check_null(getTestReferrer(server_uri_2, referer_uri_https)); michael@0: michael@0: // tests for referer.spoofSource michael@0: prefs.setBoolPref("network.http.referer.spoofSource", true); michael@0: do_check_eq(getTestReferrer(server_uri, referer_uri), server_uri); michael@0: prefs.setBoolPref("network.http.referer.spoofSource", false); michael@0: do_check_eq(getTestReferrer(server_uri, referer_uri), referer_uri); michael@0: michael@0: // tests for referer.XOriginPolicy michael@0: prefs.setIntPref("network.http.referer.XOriginPolicy", 2); michael@0: do_check_null(getTestReferrer(server_uri_2, referer_uri)); michael@0: do_check_eq(getTestReferrer(server_uri, referer_uri_2), referer_uri_2); michael@0: prefs.setIntPref("network.http.referer.XOriginPolicy", 1); michael@0: do_check_eq(getTestReferrer(server_uri_2, referer_uri), referer_uri); michael@0: do_check_null(getTestReferrer(server_uri, referer_uri)); michael@0: // https test michael@0: do_check_eq(getTestReferrer(server_uri_https, referer_uri_https), referer_uri_https); michael@0: prefs.setIntPref("network.http.referer.XOriginPolicy", 0); michael@0: do_check_eq(getTestReferrer(server_uri, referer_uri), referer_uri); michael@0: michael@0: // tests for referer.trimmingPolicy michael@0: prefs.setIntPref("network.http.referer.trimmingPolicy", 1); michael@0: do_check_eq(getTestReferrer(server_uri, referer_uri_2), "http://bar.examplesite.com/path3"); michael@0: prefs.setIntPref("network.http.referer.trimmingPolicy", 2); michael@0: do_check_eq(getTestReferrer(server_uri, referer_uri_2), "http://bar.examplesite.com"); michael@0: // https test michael@0: do_check_eq(getTestReferrer(server_uri_https, referer_uri_https), "https://bar.example.com"); michael@0: prefs.setIntPref("network.http.referer.trimmingPolicy", 0); michael@0: // test that anchor is lopped off in ordinary case michael@0: do_check_eq(getTestReferrer(server_uri, referer_uri_2_anchor), referer_uri_2); michael@0: michael@0: // combination test: send spoofed path-only when hosts match michael@0: var combo_referer_uri = "http://blah.foo.com/path?q=hot"; michael@0: var dest_uri = "http://blah.foo.com:9999/spoofedpath?q=bad"; michael@0: prefs.setIntPref("network.http.referer.trimmingPolicy", 1); michael@0: prefs.setBoolPref("network.http.referer.spoofSource", true); michael@0: prefs.setIntPref("network.http.referer.XOriginPolicy", 2); michael@0: do_check_eq(getTestReferrer(dest_uri, combo_referer_uri), "http://blah.foo.com:9999/spoofedpath"); michael@0: do_check_null(getTestReferrer(dest_uri, "http://gah.foo.com/anotherpath")); michael@0: }