// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include <memory> #include <string_view> #include "base/command_line.h" #include "base/functional/bind.h" #include "base/strings/string_number_conversions.h" #include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" #include "base/synchronization/lock.h" #include "base/thread_annotations.h" #include "build/build_config.h" #include "build/chromeos_buildflags.h" #include "chrome/app/chrome_command_ids.h" #include "chrome/browser/browser_process.h" #include "chrome/browser/net/system_network_context_manager.h" #include "chrome/browser/renderer_context_menu/render_view_context_menu.h" #include "chrome/browser/renderer_context_menu/render_view_context_menu_browsertest_util.h" #include "chrome/browser/ui/browser.h" #include "chrome/browser/ui/browser_commands.h" #include "chrome/browser/ui/tabs/tab_strip_model.h" #include "chrome/common/chrome_features.h" #include "chrome/common/pref_names.h" #include "chrome/test/base/in_process_browser_test.h" #include "chrome/test/base/ui_test_utils.h" #include "components/prefs/pref_service.h" #include "content/public/browser/browser_thread.h" #include "content/public/browser/navigation_controller.h" #include "content/public/browser/navigation_entry.h" #include "content/public/browser/render_view_host.h" #include "content/public/browser/render_widget_host.h" #include "content/public/browser/storage_partition.h" #include "content/public/browser/web_contents.h" #include "content/public/common/content_features.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "net/base/features.h" #include "net/test/embedded_test_server/http_request.h" #include "services/network/public/mojom/referrer_policy.mojom-shared.h" #include "third_party/blink/public/common/features.h" #include "third_party/blink/public/common/input/web_input_event.h" #include "third_party/blink/public/common/input/web_mouse_event.h" #include "third_party/blink/public/common/loader/referrer_utils.h" #include "third_party/blink/public/common/switches.h" #include "ui/base/page_transition_types.h" #include "ui/base/window_open_disposition.h" class ReferrerPolicyTest : public InProcessBrowserTest { … }; // The basic behavior of referrer policies is covered by layout tests in // http/tests/security/referrer-policy-*. These tests cover (hopefully) all // code paths chrome uses to navigate. To keep the number of combinations down, // we only test the "origin" policy here. // Content initiated navigation, from HTTP to HTTP. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, Origin) { … } // Content initiated navigation, from HTTPS to HTTP. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsDefault) { … } // User initiated navigation, from HTTP to HTTP. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, LeftClickOrigin) { … } // User initiated navigation, from HTTPS to HTTP. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsLeftClickOrigin) { … } // User initiated navigation, middle click, from HTTP to HTTP. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MiddleClickOrigin) { … } // User initiated navigation, middle click, from HTTPS to HTTP. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsMiddleClickOrigin) { … } // User initiated navigation, target blank, from HTTP to HTTP. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, TargetBlankOrigin) { … } // User initiated navigation, target blank, from HTTPS to HTTP. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsTargetBlankOrigin) { … } // User initiated navigation, middle click, target blank, from HTTP to HTTP. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MiddleClickTargetBlankOrigin) { … } // User initiated navigation, middle click, target blank, from HTTPS to HTTP. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsMiddleClickTargetBlankOrigin) { … } // Context menu, from HTTP to HTTP. // TODO(crbug.com/40804570): Flaky on Lacros. #if BUILDFLAG(IS_CHROMEOS_LACROS) #define MAYBE_ContextMenuOrigin … #else #define MAYBE_ContextMenuOrigin … #endif IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MAYBE_ContextMenuOrigin) { … } // Context menu, from HTTPS to HTTP. // TODO(crbug.com/40803947): Fix flakiness on Linux and Lacros then reenable. #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_LACROS) #define MAYBE_HttpsContextMenuOrigin … #else #define MAYBE_HttpsContextMenuOrigin … #endif IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MAYBE_HttpsContextMenuOrigin) { … } // Content initiated navigation, from HTTP to HTTP via server redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, Redirect) { … } // Content initiated navigation, from HTTPS to HTTP via server redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsRedirect) { … } // User initiated navigation, from HTTP to HTTP via server redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, LeftClickRedirect) { … } // User initiated navigation, from HTTPS to HTTP via server redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsLeftClickRedirect) { … } // User initiated navigation, middle click, from HTTP to HTTP via server // redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MiddleClickRedirect) { … } // User initiated navigation, middle click, from HTTPS to HTTP via server // redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsMiddleClickRedirect) { … } // User initiated navigation, target blank, from HTTP to HTTP via server // redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, TargetBlankRedirect) { … } // User initiated navigation, target blank, from HTTPS to HTTP via server // redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsTargetBlankRedirect) { … } // User initiated navigation, middle click, target blank, from HTTP to HTTP via // server redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MiddleClickTargetBlankRedirect) { … } // User initiated navigation, middle click, target blank, from HTTPS to HTTP // via server redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpsMiddleClickTargetBlankRedirect) { … } // Context menu, from HTTP to HTTP via server redirect. // TODO(crbug.com/40803947): Fix flakiness on Linux and Lacros then reenable. #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS_LACROS) #define MAYBE_ContextMenuRedirect … #else #define MAYBE_ContextMenuRedirect … #endif IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MAYBE_ContextMenuRedirect) { … } // Context menu, from HTTPS to HTTP via server redirect. // TODO(crbug.com/40804570): Flaky on Lacros. #if BUILDFLAG(IS_CHROMEOS_LACROS) #define MAYBE_HttpsContextMenuRedirect … #else #define MAYBE_HttpsContextMenuRedirect … #endif IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, MAYBE_HttpsContextMenuRedirect) { … } // Tests history navigation actions: Navigate from A to B with a referrer // policy, then navigate to C, back to B, and reload. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, History) { … } // Tests that reloading a site for "request tablet version" correctly clears // the referrer. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, RequestTabletSite) { … } // Test that an iframes gets the parent frames referrer and referrer policy if // the load was triggered by the parent, or from the iframe itself, if the // navigations was started by the iframe. IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, IFrame) { … } // Origin When Cross-Origin IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpLeftClickHTTPSRedirectToHTTPOriginWhenCrossOrigin) { … } IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpLeftClickRedirectToHTTPSOriginWhenCrossOrigin) { … } IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpLeftClickRedirectToHTTPOriginWhenCrossOrigin) { … } // Same origin IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpLeftClickHTTPRedirectToHTTPSameOrigin) { … } IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpLeftClickHTTPRedirectToHTTPSSameOrigin) { … } // Strict origin IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpLeftClickHTTPRedirectToHTTPStrictOrigin) { … } IN_PROC_BROWSER_TEST_F(ReferrerPolicyTest, HttpLeftClickHTTPSRedirectToHTTPStrictOrigin) { … } // Parameters for testing functionality imposing ad-hoc restrictions // on the behavior of referrers, for instance absolute caps like // "never send referrers" (as of writing, features::kNoReferrers) // or "on cross-origin requests, never send more than the initiator's // origin" (features::kCapReferrerToOriginOnCrossOrigin). // // These tests assume a default policy of no-referrer-when-downgrade. struct ReferrerOverrideParams { … } kReferrerOverrideParams[] = …; class ReferrerOverrideTest : public ReferrerPolicyTest, public ::testing::WithParamInterface<ReferrerOverrideParams> { … }; INSTANTIATE_TEST_SUITE_P(…); IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, SameOriginNavigation) { … } IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, CrossOriginNavigation) { … } IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, CrossOriginNavigationBrowserInitiated) { … } IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, CrossOriginDowngradeNavigation) { … } IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, CrossOriginRedirect) { … } IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, CrossOriginToSameOriginRedirect) { … } IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, SameOriginSubresource) { … } IN_PROC_BROWSER_TEST_P(ReferrerOverrideTest, SameOriginToCrossOriginSubresourceRedirect) { … } // Most of the functionality of the referrer-cap flag is covered by // ReferrerOverrideTest; these couple additional tests test the flag's // interaction with other referrer policies class ReferrerPolicyCapReferrerToOriginOnCrossOriginTest : public ReferrerPolicyTest { … }; // Test that capping referrer granularity at origin on cross-origin requests // correctly defers to a more restrictive referrer policy on a // cross-origin navigation. IN_PROC_BROWSER_TEST_F(ReferrerPolicyCapReferrerToOriginOnCrossOriginTest, HonorsMoreRestrictivePolicyOnNavigation) { … } // Test that capping referrer granularity at origin on cross-origin requests // correctly defers to a more restrictive referrer policy on a // cross-origin redirect. IN_PROC_BROWSER_TEST_F(ReferrerPolicyCapReferrerToOriginOnCrossOriginTest, HonorsMoreRestrictivePolicyOnRedirect) { … } // Test that, when the cross-origin referrer cap is on but we also have the // "no referrers at all" pref set, we send no referrer at all on cross-origin // requests. IN_PROC_BROWSER_TEST_F(ReferrerPolicyCapReferrerToOriginOnCrossOriginTest, RespectsNoReferrerPref) { … }
Codebase Browser
chromium