Security/Origin:Test Plan
From MozillaWiki
< Security
Contents
Test Plan for Origin Header
This page will outline things that need to be tested to ensure an implementation of the "Origin" header (or whatever we have to call it) works properly.
HTML tags/attributes that cause HTTP requests
Standard URI tag attributes common to all HTML5 tags:
| Attribute | Description |
|---|---|
| ref | Reference to another document or part of the document (only if the template attribute is set) |
| template | Reference to another document or part of the document that should be applied to an element |
Non-standard attributes
| Tag | Attribute | HTML v. | Request When | Origin Value Sent |
|---|---|---|---|---|
| a | href | 4, 5 | when clicked | "null" |
| ping | 5 | when clicked | "null" | |
| area | href | 4, 5 | when clicked | "null" |
| ping | 5 | when clicked | "null" | |
| audio | src | 5 | on play | "null"? |
| blockquote | cite | 4, 5 | ? | ? |
| body | background | 4 | on render (deprecated) | "null" |
| command | icon | 5 | on render | "null" |
| del | cite | 4, 5 | ? | ? |
| embed | src | 5 | on render | origin |
| eventsource | src | 5 | on load, and repeated ?? | origin ? |
| form | action | 4, 5 | submit/click | origin |
| data | 5 | on render | "null"? | |
| frame | longdesc | 4 | on render (deprecated) | origin ? |
| src | 4 | on render (deprecated) | origin | |
| html | manifest | 4, 5 | on render (fetches cache manifest) | "null" |
| iframe | longdesc | 4 | on render (not supported) | "null" ? |
| src | 4, 5 | on render | origin | |
| img | src | 4, 5 | on render | "null" |
| ismap | 4, 5 | on click ? | "null" | |
| longdesc | 4 | on render (not supported) | "null" | |
| usemap | 4, 5 | on render ? | "null" | |
| input | src | 4, 5 | on render (image button) | "null" |
| ins | cite | 4, 5 | ? | ? |
| link | href | 4, 5 | on parse | "null" ? |
| object | archive | 4 | on render | "null" |
| codebase | 4 | on render | "null" | |
| data | 4, 5 | on render | "null" | |
| usemap | 4, 5 | on render | "null" | |
| q | cite | 4, 5 | ? | ? |
| script | src | 4, 5 | on render | origin |
| select | data | 5 | on parse | origin |
| source | src | 5 | on parse | ? |
| video | src | 5 | on play | "null" |
| poster | 5 | on render | "null" |
JavaScript expressions that cause an HTTP request
window.location window.open ...
TODO
Frame-nesting Scenarios
Because the list of frame ancestors is sent in a header, we must make sure that the appropriate origin data is sent even when the target of the request is deep inside a set of frames. The following scenarios will be checked:
TODO: images for the following where A is the frame target for the request
- A alone (origin only)
- B embeds A (origin + B)
- B embeds both C and A as siblings (origin + B)
- C embeds B and D, B embeds A (origin + C B)
- B embeds A, A embeds C (origin + B)
- C embeds B, B embeds A (origin + C B)
Planning/deployment of a Test Suite
TODO
