def test_header_private(self): for policy in [ 'no-referrer', 'same-origin', 'strict-origin', 'STRICT-ORIGIN', 'strict-origin-when-cross-origin' ]: self.reqs['responses']['auto'].headers['Referrer-Policy'] = policy result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-private', result['result']) self.assertTrue(result['http']) self.assertFalse(result['meta']) self.assertTrue(result['pass']) # Do that same test with a <meta> http-equiv self.reqs = empty_requests( 'test_parse_http_equiv_headers_referrer1.html') result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-private', result['result']) self.assertEquals('no-referrer, same-origin', result['data']) self.assertFalse(result['http']) self.assertTrue(result['meta']) self.assertTrue(result['pass']) # Note that <meta> http-equiv comes before the HTTP header self.reqs['responses']['auto'].headers[ 'Referrer-Policy'] = 'unsafe-url' result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-private', result['result']) self.assertEquals('unsafe-url, no-referrer, same-origin', result['data']) self.assertTrue(result['http']) self.assertTrue(result['meta']) self.assertTrue(result['pass'])
def test_header_private(self): for policy in ['no-referrer', 'same-origin', 'strict-origin', 'STRICT-ORIGIN', 'strict-origin-when-cross-origin']: self.reqs['responses']['auto'].headers['Referrer-Policy'] = policy result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-private', result['result']) self.assertTrue(result['http']) self.assertFalse(result['meta']) self.assertTrue(result['pass']) # Do that same test with a <meta> http-equiv self.reqs = empty_requests('test_parse_http_equiv_headers_referrer1.html') result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-private', result['result']) self.assertEquals('no-referrer, same-origin', result['data']) self.assertFalse(result['http']) self.assertTrue(result['meta']) self.assertTrue(result['pass']) # Note that <meta> http-equiv comes before the HTTP header self.reqs['responses']['auto'].headers['Referrer-Policy'] = 'unsafe-url' result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-private', result['result']) self.assertEquals('unsafe-url, no-referrer, same-origin', result['data']) self.assertTrue(result['http']) self.assertTrue(result['meta']) self.assertTrue(result['pass'])
def test_header_no_referrer_when_downgrade(self): self.reqs['responses']['auto'].headers['Referrer-Policy'] = 'no-referrer-when-downgrade' result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-no-referrer-when-downgrade', result['result']) self.assertTrue(result['pass'])
def test_header_invalid(self): self.reqs['responses']['auto'].headers['Referrer-Policy'] = 'whimsy' result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-header-invalid', result['result']) self.assertFalse(result['pass'])
def test_multiple_value_header_mix(self): self.reqs['responses']['auto'].headers['Referrer-Policy'] = 'no-referrer, whimsy' result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-private', result['result']) self.assertTrue(result['pass'])
def test_multiple_value_header_invalid(self): self.reqs['responses']['auto'].headers['Referrer-Policy'] = 'whimsy, whimsy1, whimsy2' result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-header-invalid', result['result']) self.assertFalse(result['pass'])
def test_multiple_value_header_all_valid(self): self.reqs['responses']['auto'].headers['Referrer-Policy'] = 'origin-when-cross-origin, no-referrer, unsafe-url' result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-unsafe', result['result']) self.assertFalse(result['pass'])
def test_multiple_value_header_all_valid(self): self.reqs['responses']['auto'].headers[ 'Referrer-Policy'] = 'origin-when-cross-origin, no-referrer, unsafe-url' result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-unsafe', result['result']) self.assertFalse(result['pass'])
def test_header_unsafe(self): for policy in ['origin', 'origin-when-cross-origin', 'unsafe-url']: self.reqs['responses']['auto'].headers['Referrer-Policy'] = policy result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-unsafe', result['result']) self.assertFalse(result['pass'])
def test_header_private(self): for policy in ['no-referrer', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin']: self.reqs['responses']['auto'].headers['Referrer-Policy'] = policy result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-private', result['result']) self.assertTrue(result['pass'])
def test_multiple_value_header_all_valid(self): valid_but_unsafe_policies = ['origin-when-cross-origin, no-referrer, unsafe-url', # safe in the middle 'no-referrer, unsafe-url'] # safe at the beginning for policy in valid_but_unsafe_policies: self.reqs['responses']['auto'].headers['Referrer-Policy'] = policy result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-unsafe', result['result']) self.assertFalse(result['pass'])
def test_header_private(self): for policy in [ 'no-referrer', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin' ]: self.reqs['responses']['auto'].headers['Referrer-Policy'] = policy result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-private', result['result']) self.assertTrue(result['pass'])
def test_missing(self): result = referrer_policy(self.reqs) self.assertEquals('referrer-policy-not-implemented', result['result']) self.assertTrue(result['pass'])