Meta referrer isn't honored for window.open
authorjochen@chromium.org <jochen@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Feb 2013 21:45:58 +0000 (21:45 +0000)
committerjochen@chromium.org <jochen@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 28 Feb 2013 21:45:58 +0000 (21:45 +0000)
https://bugs.webkit.org/show_bug.cgi?id=111076

Reviewed by Adam Barth.

Source/WebCore:

Test: http/tests/security/referrer-policy-window-open.html

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::urlSelected): loadFrameRequest() will set the correct referrer
(WebCore::createWindow): This code is required for the inspector which doesn't set the referrer
* page/DOMWindow.cpp:
(WebCore::DOMWindow::createWindow):

LayoutTests:

* http/tests/security/referrer-policy-window-open-expected.txt: Added.
* http/tests/security/referrer-policy-window-open.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@144360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/security/referrer-policy-window-open-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/security/referrer-policy-window-open.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/FrameLoader.cpp
Source/WebCore/page/DOMWindow.cpp

index c5aa074..fc0973e 100644 (file)
@@ -1,3 +1,13 @@
+2013-02-28  Jochen Eisinger  <jochen@chromium.org>
+
+        Meta referrer isn't honored for window.open
+        https://bugs.webkit.org/show_bug.cgi?id=111076
+
+        Reviewed by Adam Barth.
+
+        * http/tests/security/referrer-policy-window-open-expected.txt: Added.
+        * http/tests/security/referrer-policy-window-open.html: Added.
+
 2013-02-28  Kondapally Kalyan  <kalyan.kondapally@intel.com>
 
         [EFL][WebGL] Enable compositing/webgl/webgl-reflection.html.
diff --git a/LayoutTests/http/tests/security/referrer-policy-window-open-expected.txt b/LayoutTests/http/tests/security/referrer-policy-window-open-expected.txt
new file mode 100644 (file)
index 0000000..a931994
--- /dev/null
@@ -0,0 +1,5 @@
+This test opens a new window. It passes, if the referrer is the origin only.
+
+HTTP Referer header is http://127.0.0.1:8000/
+Referrer is http://127.0.0.1:8000/
+
diff --git a/LayoutTests/http/tests/security/referrer-policy-window-open.html b/LayoutTests/http/tests/security/referrer-policy-window-open.html
new file mode 100644 (file)
index 0000000..21f8cf1
--- /dev/null
@@ -0,0 +1,34 @@
+<html>
+<head>
+<meta name="referrer" content="origin" />
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    testRunner.setCanOpenWindows();
+}
+
+window.addEventListener("message", receiveMessage, false);
+
+function receiveMessage(evt) {
+    if (evt.data == "done") {
+        if (window.testRunner)
+            testRunner.notifyDone();
+    } else {
+        document.getElementById("log").innerHTML += evt.data + "<br>";
+    }
+}
+</script>
+</head>
+<body>
+<p>
+    This test opens a new window. It passes, if the referrer is the origin
+    only.
+</p>
+<div id="log">
+</div>
+<script>
+window.open("resources/referrer-policy-postmessage.php");
+</script>
+</body>
+</html>
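Review bot: The test pins only the `origin` policy (`<meta name="referrer" content="origin" />`), so the empty-referrer path added in `WebCore::createWindow` (`if (!referrer.isEmpty())`) is never exercised. A sibling test with `<meta name="referrer" content="never" />` that expects an empty Referer header and an empty `document.referrer` in the opened window would cover the suppression case. Separately, `receiveMessage` appends `evt.data` through `innerHTML` without checking `evt.source`; in a local layout test that is low risk, but comparing `evt.source` with the handle returned by `window.open` would keep unrelated messages out of the log.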
index df97f10..0a14e33 100644 (file)
@@ -1,3 +1,18 @@
+2013-02-28  Jochen Eisinger  <jochen@chromium.org>
+
+        Meta referrer isn't honored for window.open
+        https://bugs.webkit.org/show_bug.cgi?id=111076
+
+        Reviewed by Adam Barth.
+
+        Test: http/tests/security/referrer-policy-window-open.html
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::urlSelected): loadFrameRequest() will set the correct referrer
+        (WebCore::createWindow): This code is required for the inspector which doesn't set the referrer
+        * page/DOMWindow.cpp:
+        (WebCore::DOMWindow::createWindow):
+
 2013-02-28  Bruno de Oliveira Abinader  <bruno.abinader@basyskom.com>
 
         [texmap] Remove redundant defines on TextureMapperGL
index 3f501be..6d247ba 100644 (file)
@@ -311,8 +311,6 @@ void FrameLoader::urlSelected(const FrameLoadRequest& passedRequest, PassRefPtr<
 
     if (shouldSendReferrer == NeverSendReferrer)
         m_suppressOpenerInNewFrame = true;
-    if (frameRequest.resourceRequest().httpReferrer().isEmpty())
-        frameRequest.resourceRequest().setHTTPReferrer(outgoingReferrer());
     addHTTPOriginIfNeeded(frameRequest.resourceRequest(), outgoingOrigin());
 
     loadFrameRequest(frameRequest, lockHistory, lockBackForwardList, triggeringEvent, 0, shouldSendReferrer);
@@ -3349,7 +3347,9 @@ Frame* createWindow(Frame* openerFrame, Frame* lookupFrame, const FrameLoadReque
 
     // FIXME: Setting the referrer should be the caller's responsibility.
     FrameLoadRequest requestWithReferrer = request;
-    requestWithReferrer.resourceRequest().setHTTPReferrer(openerFrame->loader()->outgoingReferrer());
+    String referrer = SecurityPolicy::generateReferrerHeader(openerFrame->document()->referrerPolicy(), request.resourceRequest().url(), openerFrame->loader()->outgoingReferrer());
+    if (!referrer.isEmpty())
+        requestWithReferrer.resourceRequest().setHTTPReferrer(referrer);
     FrameLoader::addHTTPOriginIfNeeded(requestWithReferrer.resourceRequest(), openerFrame->loader()->outgoingOrigin());
 
     if (openerFrame->settings() && !openerFrame->settings()->supportsMultipleWindows()) {
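Review bot: When `generateReferrerHeader()` returns an empty string, the new `if (!referrer.isEmpty())` guard leaves whatever referrer `request` already carried in `requestWithReferrer`, so a decision to suppress the referrer under the opener frame's policy does not remove a value set by the caller. A non-empty result, on the other hand, overwrites the caller's value, so which value is sent depends on the outcome rather than on a stated precedence. If suppression is meant to be authoritative here, add `else requestWithReferrer.resourceRequest().clearHTTPReferrer();`; if the caller's value is meant to win (the ChangeLog says this path exists for the inspector, which sets none), guard with `if (requestWithReferrer.resourceRequest().httpReferrer().isEmpty())` and say so in the FIXME. The body of createWindow starts and ends outside the hunk, so what callers pass in is inferred.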
index 3f26b11..e8e011d 100644 (file)
@@ -85,6 +85,7 @@
 #include "ScriptCallStack.h"
 #include "ScriptCallStackFactory.h"
 #include "SecurityOrigin.h"
+#include "SecurityPolicy.h"
 #include "SerializedScriptValue.h"
 #include "Settings.h"
 #include "Storage.h"
@@ -1867,9 +1868,6 @@ Frame* DOMWindow::createWindow(const String& urlString, const AtomicString& fram
 {
     Frame* activeFrame = activeWindow->frame();
 
-    // For whatever reason, Firefox uses the first frame to determine the outgoingReferrer. We replicate that behavior here.
-    String referrer = firstFrame->loader()->outgoingReferrer();
-
     KURL completedURL = urlString.isEmpty() ? KURL(ParsedURLString, emptyString()) : firstFrame->document()->completeURL(urlString);
     if (!completedURL.isEmpty() && !completedURL.isValid()) {
         // Don't expose client code to invalid URLs.
@@ -1877,6 +1875,9 @@ Frame* DOMWindow::createWindow(const String& urlString, const AtomicString& fram
         return 0;
     }
 
+    // For whatever reason, Firefox uses the first frame to determine the outgoingReferrer. We replicate that behavior here.
+    String referrer = SecurityPolicy::generateReferrerHeader(firstFrame->document()->referrerPolicy(), completedURL, firstFrame->loader()->outgoingReferrer());
+
     ResourceRequest request(completedURL, referrer);
     FrameLoader::addHTTPOriginIfNeeded(request, firstFrame->loader()->outgoingOrigin());
     FrameLoadRequest frameRequest(activeWindow->document()->securityOrigin(), request, frameName);
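Review bot: The moved comment above the `referrer` computation still explains only why `firstFrame` supplies the outgoing referrer; it does not say that the referrer policy is now also read from `firstFrame->document()`, nor that `referrer` can be empty when the policy suppresses it. I would extend it to something like `// The referrer and the referrer policy both come from the first frame (matching Firefox); the result is empty when the policy suppresses the referrer.` The security origin on the `FrameLoadRequest` line comes from `activeWindow->document()` instead, so naming the frame behind each value helps the next reader. DOMWindow::createWindow continues outside the hunk.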