fix 'Hammerhead crashes on the slack.com/signin' page (close DevExpre…

…ss#1195)

src/processing/resources/page.js

@@ -99,8 +99,8 @@ class PageProcessor extends ResourceProcessorBase {
         if (metas) {
             metas.forEach(meta => {
                 // TODO: Figure out how to emulate the tag behavior.
-                if (domAdapter.getAttr(meta, 'name') === 'referrer' && domAdapter.getAttr(meta, 'content') === 'origin')
-                    parse5Utils.removeNode(meta);
+                if (domAdapter.getAttr(meta, 'name') === 'referrer')
+                    parse5Utils.setAttr(meta, 'content', 'unsafe-url');
                 // NOTE: Remove the existing ‘compatible’ meta tag and add a new one at the beginning of the head.
                 if (domAdapter.getAttr(meta, 'http-equiv') === 'X-UA-Compatible')
                     parse5Utils.removeNode(meta);

src/request-pipeline/header-transforms.js

@@ -132,7 +132,9 @@ var responseTransforms = {
         return 'ALLOW-FROM ' + proxiedUrl;
     },
 
-    'sourcemap': skip
+    'sourcemap': skip,
+
+    'referrer-policy': () => 'unsafe-url'
 };
 
 var responseForced = {

test/server/data/page/expected.html

@@ -7,6 +7,7 @@
     <meta http-equiv="Refresh" content="0;URL=http://127.0.0.1:1836/sessionId/http://link.url/">
     <meta>
     <meta id="metaWithoutContentAttr">
+    <meta name="referrer" content="unsafe-url">
     <base href="http://127.0.0.1:1836/sessionId/http://base.url" href-hammerhead-stored-value="http://base.url">
     <title></title>
     <style type="text/css">/*hammerhead|stylesheet|start*/

test/server/data/page/src.html

@@ -9,6 +9,7 @@
     <meta http-equiv="Refresh" content="0;URL=http://link.url/">
     <meta http-equiv="Content-Security-Policy" content="default-src https: 'unsafe-inline';">
     <meta http-equiv="Content-Security-Policy" id="metaWithoutContentAttr">
+    <meta name="referrer" content="no-referrer">
     <base href="http://base.url">
     <title></title>
     <style type="text/css">

test/server/proxy-test.js

@@ -56,7 +56,6 @@ describe('Proxy', function () {
     var proxy             = null;
     var session           = null;
 
-    // NOTE: Fixture setup/teardown.
     before(function () {
         var app = express();
 
@@ -301,6 +300,11 @@ describe('Proxy', function () {
             res.end('var i = 42;');
         });
 
+        app.get('/referrer-policy', function (req, res) {
+            res.setHeader('referrer-policy', 'no-referrer');
+            res.end('42');
+        });
+
         destServer = app.listen(2000);
 
 
@@ -332,8 +336,6 @@ describe('Proxy', function () {
         crossDomainServer.close();
     });
 
-
-    // NOTE: Test setup/teardown.
     beforeEach(function () {
         session = new Session();
 
@@ -1630,7 +1632,7 @@ describe('Proxy', function () {
                     });
 
                     res.on('end', function () {
-                        var responseEndInMs = getTimeInMs(process.hrtime(startTestTime));
+                        var responseEndInMs             = getTimeInMs(process.hrtime(startTestTime));
                         // NOTE: Only in node 0.10 response 'end' event can happen earlier than 1000 ms
                         var responseEndThresholdTimeout = 20;
 
@@ -2147,5 +2149,19 @@ describe('Proxy', function () {
                 done();
             });
         });
+
+        it('Should process a "referrer-policy" header (GH-1195)', function (done) {
+            var options = {
+                url:     proxy.openSession('http://127.0.0.1:2000/referrer-policy', session),
+                headers: {
+                    accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*!/!*;q=0.8'
+                }
+            };
+
+            request(options, function (err, res) {
+                expect(res.headers['referrer-policy']).eql('unsafe-url');
+                done();
+            });
+        });
     });
 });