referrer-spoofing.html
<html>
<head>
</head>
<body>
<h1>Referrer Spoofing</h1>
<!-- Each case states the Referer value the target page is expected to display. -->
<p>Top-level navigations:</p>
<ul>
<li><a href="show-referrer.html">same-origin navigation</a> (should be untouched)</li>
<li><a href="https://fmarier.org/my-referrer/">cross-origin navigation</a> (should be trimmed to <tt>https://fmarier.github.io/</tt>)</li>
<li><a href="http://fmarier.com/referrer/show-referrer.html">cross-origin HTTP navigation</a> (should be blank)</li>
</ul>
<p>Form-submission:</p>
<ul>
<li>
<form action="https://referrer.fmarier.org/show-referrer.html" method="POST">
<input type="submit" value="cross-origin submission"> (should be trimmed to <tt>https://fmarier.github.io/</tt>)
</form>
</li>
<li>
<form action="http://fmarier.com/referrer/show-referrer.html" method="POST">
<input type="submit" value="cross-origin HTTP submission"> (should be blank)
</form>
</li>
<li>
<a href="https://referrer.fmarier.org/form-submission.html">same-origin submission</a>
</li>
</ul>
<p>iframe navigations:</p>
<ul>
<li>same-origin navigation:
<br><iframe width="500" height="50" src="show-referrer.html"></iframe>
<br>(should be untouched)</li>
<li>cross-origin navigation:
<br><iframe width="500" height="50" src="https://fmarier.org/referrer/show-referrer.html"></iframe>
<br>(should be trimmed to <tt>https://fmarier.github.io/</tt>)</li>
<li>cross-origin navigation (redirected via <tt>meta</tt>):
<br><iframe width="500" height="50" src="redirect-to-whatismyreferer.html"></iframe>
<br>(should be trimmed to <tt>https://fmarier.github.io/</tt>)</li>
<li>cross-origin navigation (redirected via an insecure <tt>301</tt>):
<br><iframe width="500" height="50" src="http://fmarier.github.io/brave-testing/show-referrer.html"></iframe>
<br>(should be blank)</li>
<li>cross-origin navigation:
<br><iframe width="500" height="50" src="https://referrer.fmarier.org/show-referrer.html"></iframe>
<br>(should be trimmed to <tt>https://fmarier.github.io/</tt>)</li>
</ul>
<p>More <a href="https://referrer.fmarier.org/redirects.html">redirection-based</a> and <a href="https://referrer.fmarier.org/samesite.html">same-site</a> tests.</p>
<p><img title="sub-resource (should be spoofed to https://fmarier.org)" src="https://fmarier.org/img/francois_marier.jpg"></p>
</body>
</html>
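The expectations listed in the test page for navigations, form submissions and iframe loads can be written as one rule and used to grade what each `show-referrer.html` target displays. This is an added example, not part of the original file; `PAGE_URL`, `expectedReferrer`, `verdict` and the "observed" values are assumptions made for illustration, and the `meta` redirect and sub-resource cases are not modelled.

```javascript
// Added example, not part of the original test page.
// PAGE_URL is an assumption inferred from the file name and the URLs in the page.
const PAGE_URL = "https://fmarier.github.io/brave-testing/referrer-spoofing.html";

// Referer the page expects a navigation, form submission or iframe load to send.
// Simplification: "secure" is treated as "https:" only.
function expectedReferrer(fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl, from); // resolve relative targets such as "show-referrer.html"
  from.hash = "";                  // fragments and credentials are never sent
  from.username = "";
  from.password = "";
  if (from.origin === to.origin) return from.href;                       // untouched
  if (from.protocol === "https:" && to.protocol !== "https:") return ""; // blank
  return from.origin + "/";                                              // trimmed
}

// Compare what a show-referrer page displayed against the expectation.
function verdict(observed, fromUrl, toUrl) {
  const want = expectedReferrer(fromUrl, toUrl);
  if (observed === want) return "ok";
  // The observed value exposes more of the source URL than the page allows.
  if (observed.length > want.length && observed.startsWith(want)) return "leak";
  return "mismatch";
}

// Targets copied from the page; "observed" values are constructed sample data.
const CASES = [
  { to: "show-referrer.html", observed: PAGE_URL },
  { to: "https://fmarier.org/my-referrer/", observed: "https://fmarier.github.io/" },
  { to: "http://fmarier.com/referrer/show-referrer.html", observed: "" },
  { to: "http://fmarier.github.io/brave-testing/show-referrer.html", observed: "" },
  { to: "https://referrer.fmarier.org/show-referrer.html", observed: PAGE_URL },
];

function runCases() {
  return CASES.map((c) => ({ to: c.to, result: verdict(c.observed, PAGE_URL, c.to) }));
}

for (const r of runCases()) console.log(r.result.padEnd(9), r.to);
```

The last constructed case reports `leak` because the full page URL reached a cross-origin target that should only see the origin.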