WebKit Bugzilla
Attachment 370878 Details for
Bug 185550
: Add referrerpolicy attribute support for <script> elements
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185550-20190529221335.patch (text/plain), 82.08 KB, created by
Rob Buis
on 2019-05-29 13:13:37 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Rob Buis
Created:
2019-05-29 13:13:37 PDT
Size:
82.08 KB
patch
obsolete
>Subversion Revision: 245848 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 8e69cea76eafa8618c7773cc85d1c631fb4cbd8e..0bbf7be9861f11112b541c25c74d9c20bfd6d081 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,82 @@ >+2019-05-29 Rob Buis <rbuis@igalia.com> >+ >+ Add referrerpolicy attribute support for <script> elements >+ https://bugs.webkit.org/show_bug.cgi?id=185550 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch adds 'referrerpolicy' attribute support for script elements. >+ If set, the value is restricted to the ReferrerPolicy enum, and >+ if valid it is used for the script fetch. >+ If not set or invalid, the current behavior is kept. >+ >+ Tests: http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html >+ http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html >+ http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html >+ http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html >+ http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html >+ http/tests/referrer-policy-script/no-referrer/same-origin.html >+ http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html >+ http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html >+ http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html >+ http/tests/referrer-policy-script/origin/cross-origin-http-http.html >+ http/tests/referrer-policy-script/origin/cross-origin-http.https.html >+ http/tests/referrer-policy-script/origin/same-origin.html >+ http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html >+ http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html >+ http/tests/referrer-policy-script/same-origin/same-origin.html >+ http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html >+ http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html >+ http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html >+ http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html >+ http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html >+ http/tests/referrer-policy-script/strict-origin/same-origin.html >+ http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html >+ http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html >+ http/tests/referrer-policy-script/unsafe-url/same-origin.html >+ >+ * bindings/js/CachedScriptFetcher.cpp: >+ (WebCore::CachedScriptFetcher::requestScriptWithCache const): >+ * bindings/js/CachedScriptFetcher.h: >+ (WebCore::CachedScriptFetcher::CachedScriptFetcher): >+ * dom/InlineClassicScript.h: >+ * dom/LoadableClassicScript.cpp: >+ (WebCore::LoadableClassicScript::create): >+ * dom/LoadableClassicScript.h: >+ * dom/LoadableModuleScript.cpp: >+ (WebCore::LoadableModuleScript::create): >+ (WebCore::LoadableModuleScript::LoadableModuleScript): >+ * dom/LoadableModuleScript.h: >+ * dom/LoadableScript.h: >+ (WebCore::LoadableScript::LoadableScript): >+ * dom/ScriptElement.cpp: >+ (WebCore::ScriptElement::requestClassicScript): >+ (WebCore::ScriptElement::requestModuleScript): >+ * dom/ScriptElement.h: >+ * dom/ScriptElementCachedScriptFetcher.h: >+ (WebCore::ScriptElementCachedScriptFetcher::ScriptElementCachedScriptFetcher): >+ * html/HTMLIFrameElement.cpp: >+ (WebCore::HTMLIFrameElement::referrerPolicyForBindings const): >+ * html/HTMLScriptElement.cpp: >+ (WebCore::HTMLScriptElement::setReferrerPolicyForBindings): >+ (WebCore::HTMLScriptElement::referrerPolicyForBindings const): >+ (WebCore::HTMLScriptElement::referrerPolicy const): >+ * html/HTMLScriptElement.h: >+ * html/HTMLScriptElement.idl: >+ * html/parser/CSSPreloadScanner.cpp: >+ (WebCore::CSSPreloadScanner::emitRule): >+ * html/parser/HTMLPreloadScanner.cpp: >+ (WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest): >+ (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute): >+ * html/parser/HTMLResourcePreloader.cpp: >+ (WebCore::PreloadRequest::resourceRequest): >+ * html/parser/HTMLResourcePreloader.h: >+ (WebCore::PreloadRequest::PreloadRequest): >+ * platform/ReferrerPolicy.cpp: >+ (WebCore::referrerPolicyToString): >+ * platform/ReferrerPolicy.h: Add referrerpolicy serializing. >+ * svg/SVGScriptElement.h: >+ > 2019-05-28 Yacine Bandou <yacine.bandou@softathome.com> > > [MSE][GStreamer] update the readyState correctly in MediaPlayerPrivateGStreamerMSE >diff --git a/Source/WebCore/bindings/js/CachedScriptFetcher.cpp b/Source/WebCore/bindings/js/CachedScriptFetcher.cpp >index 7c87b23938e433e508c0fb80be9c9e6fde382103..60fc1b24191f2cd0154778c9c87d101b320ffd74 100644 >--- a/Source/WebCore/bindings/js/CachedScriptFetcher.cpp >+++ b/Source/WebCore/bindings/js/CachedScriptFetcher.cpp >@@ -56,6 +56,7 @@ CachedResourceHandle<CachedScript> CachedScriptFetcher::requestScriptWithCache(D > options.contentSecurityPolicyImposition = hasKnownNonce ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck; > options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set; > options.integrity = WTFMove(integrity); >+ options.referrerPolicy = m_referrerPolicy; > > auto request = createPotentialAccessControlRequest(sourceURL, document, crossOriginMode, WTFMove(options)); > request.upgradeInsecureRequestIfNeeded(document); >diff --git a/Source/WebCore/bindings/js/CachedScriptFetcher.h b/Source/WebCore/bindings/js/CachedScriptFetcher.h >index d5391c697d7cf4f6f5d4079ca272ef77ea9caba7..1db21a19719eb61ff0b3826f4c3ad96ca11dcdc0 100644 >--- a/Source/WebCore/bindings/js/CachedScriptFetcher.h >+++ b/Source/WebCore/bindings/js/CachedScriptFetcher.h >@@ -26,6 +26,7 @@ > #pragma once > > #include "CachedResourceHandle.h" >+#include "ReferrerPolicy.h" > #include <JavaScriptCore/ScriptFetcher.h> > #include <wtf/text/WTFString.h> > >@@ -41,11 +42,12 @@ public: > static Ref<CachedScriptFetcher> create(const String& charset); > > protected: >- CachedScriptFetcher(const String& nonce, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >+ CachedScriptFetcher(const String& nonce, const ReferrerPolicy& referrerPolicy, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) > : m_nonce(nonce) > , m_charset(charset) > , m_initiatorName(initiatorName) > , m_isInUserAgentShadowTree(isInUserAgentShadowTree) >+ , m_referrerPolicy(referrerPolicy) > { > } > >@@ -61,6 +63,7 @@ private: > String m_charset; > AtomicString m_initiatorName; > bool m_isInUserAgentShadowTree { false }; >+ ReferrerPolicy m_referrerPolicy { ReferrerPolicy::EmptyString }; > }; > > } // namespace WebCore >diff --git a/Source/WebCore/dom/InlineClassicScript.h b/Source/WebCore/dom/InlineClassicScript.h >index 9fa9f31f4e3f6bd67975ca616a4c2e70c7ad228b..bde6590e2d2cc587c5657699e6f72bd42bcf0bbe 100644 >--- a/Source/WebCore/dom/InlineClassicScript.h >+++ b/Source/WebCore/dom/InlineClassicScript.h >@@ -40,7 +40,7 @@ public: > > private: > InlineClassicScript(const String& nonce, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >- : ScriptElementCachedScriptFetcher(nonce, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree) >+ : ScriptElementCachedScriptFetcher(nonce, ReferrerPolicy::EmptyString, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree) > { > } > }; >diff --git a/Source/WebCore/dom/LoadableClassicScript.cpp b/Source/WebCore/dom/LoadableClassicScript.cpp >index d927e95be269a25ae4336a74b00027c1758fe48a..36d5a3be6c5b4b24223a05eadef9a858c4103c24 100644 >--- a/Source/WebCore/dom/LoadableClassicScript.cpp >+++ b/Source/WebCore/dom/LoadableClassicScript.cpp >@@ -35,9 +35,9 @@ > > namespace WebCore { > >-Ref<LoadableClassicScript> LoadableClassicScript::create(const String& nonce, const String& integrityMetadata, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >+Ref<LoadableClassicScript> LoadableClassicScript::create(const String& nonce, const String& integrityMetadata, const ReferrerPolicy& policy, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) > { >- return adoptRef(*new LoadableClassicScript(nonce, integrityMetadata, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)); >+ return adoptRef(*new LoadableClassicScript(nonce, integrityMetadata, policy, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)); > } > > LoadableClassicScript::~LoadableClassicScript() >diff --git a/Source/WebCore/dom/LoadableClassicScript.h b/Source/WebCore/dom/LoadableClassicScript.h >index 067644a47d1f9d902b4e196aaeffa8a6f95d4f0f..b2dfbd4c3fdb39933bbb97f623941d6e48a9e610 100644 >--- a/Source/WebCore/dom/LoadableClassicScript.h >+++ b/Source/WebCore/dom/LoadableClassicScript.h >@@ -29,6 +29,7 @@ > #include "CachedResourceHandle.h" > #include "CachedScript.h" > #include "LoadableScript.h" >+#include "ReferrerPolicy.h" > #include <wtf/TypeCasts.h> > > namespace WebCore { >@@ -40,7 +41,7 @@ class LoadableClassicScript final : public LoadableScript, private CachedResourc > public: > virtual ~LoadableClassicScript(); > >- static Ref<LoadableClassicScript> create(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree); >+ static Ref<LoadableClassicScript> create(const String& nonce, const String& integrity, const ReferrerPolicy&, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree); > bool isLoaded() const final; > Optional<Error> error() const final; > bool wasCanceled() const final; >@@ -55,8 +56,8 @@ public: > bool load(Document&, const URL&); > > private: >- LoadableClassicScript(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >- : LoadableScript(nonce, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree) >+ LoadableClassicScript(const String& nonce, const String& integrity, const ReferrerPolicy& policy, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >+ : LoadableScript(nonce, policy, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree) > , m_integrity(integrity) > { > } >diff --git a/Source/WebCore/dom/LoadableModuleScript.cpp b/Source/WebCore/dom/LoadableModuleScript.cpp >index 322cd3a7392c9bf0e4570d571275daa367748e21..b72f80203b523ff6612c311167600d0db2993850 100644 >--- a/Source/WebCore/dom/LoadableModuleScript.cpp >+++ b/Source/WebCore/dom/LoadableModuleScript.cpp >@@ -34,13 +34,13 @@ > > namespace WebCore { > >-Ref<LoadableModuleScript> LoadableModuleScript::create(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >+Ref<LoadableModuleScript> LoadableModuleScript::create(const String& nonce, const String& integrity, const ReferrerPolicy& policy, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) > { >- return adoptRef(*new LoadableModuleScript(nonce, integrity, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)); >+ return adoptRef(*new LoadableModuleScript(nonce, integrity, policy, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)); > } > >-LoadableModuleScript::LoadableModuleScript(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >- : LoadableScript(nonce, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree) >+LoadableModuleScript::LoadableModuleScript(const String& nonce, const String& integrity, const ReferrerPolicy& policy, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >+ : LoadableScript(nonce, policy, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree) > , m_parameters(ModuleFetchParameters::create(integrity)) > { > } >diff --git a/Source/WebCore/dom/LoadableModuleScript.h b/Source/WebCore/dom/LoadableModuleScript.h >index 173dca36aa174c3813182490d1aec6f6f7af64d5..8ea6bf99d6bea25cb598266d8cedf105ff2ab188 100644 >--- a/Source/WebCore/dom/LoadableModuleScript.h >+++ b/Source/WebCore/dom/LoadableModuleScript.h >@@ -37,7 +37,7 @@ class LoadableModuleScript final : public LoadableScript { > public: > virtual ~LoadableModuleScript(); > >- static Ref<LoadableModuleScript> create(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree); >+ static Ref<LoadableModuleScript> create(const String& nonce, const String& integrity, const ReferrerPolicy&, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree); > > bool isLoaded() const final; > Optional<Error> error() const final; >@@ -60,7 +60,7 @@ public: > UniquedStringImpl* moduleKey() const { return m_moduleKey.get(); } > > private: >- LoadableModuleScript(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree); >+ LoadableModuleScript(const String& nonce, const String& integrity, const ReferrerPolicy&, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree); > > Ref<ModuleFetchParameters> m_parameters; > RefPtr<UniquedStringImpl> m_moduleKey; >diff --git a/Source/WebCore/dom/LoadableScript.h b/Source/WebCore/dom/LoadableScript.h >index 670badf34d8caddd3e5a8ab106a1bc35c4826027..e06f5e8b76db3728ed159a2e6685da6ebaa590be 100644 >--- a/Source/WebCore/dom/LoadableScript.h >+++ b/Source/WebCore/dom/LoadableScript.h >@@ -68,8 +68,8 @@ public: > void removeClient(LoadableScriptClient&); > > protected: >- LoadableScript(const String& nonce, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >- : ScriptElementCachedScriptFetcher(nonce, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree) >+ LoadableScript(const String& nonce, const ReferrerPolicy& policy, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >+ : ScriptElementCachedScriptFetcher(nonce, policy, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree) > { > } > >diff --git a/Source/WebCore/dom/ScriptElement.cpp b/Source/WebCore/dom/ScriptElement.cpp >index 063d64d2518518d27580f2d2dafaeca6c6c93d9d..113abc46a656e91be17c8df666d13c99d5f9799d 100644 >--- a/Source/WebCore/dom/ScriptElement.cpp >+++ b/Source/WebCore/dom/ScriptElement.cpp >@@ -284,6 +284,7 @@ bool ScriptElement::requestClassicScript(const String& sourceURL) > auto script = LoadableClassicScript::create( > m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), > m_element.document().settings().subresourceIntegrityEnabled() ? m_element.attributeWithoutSynchronization(HTMLNames::integrityAttr).string() : emptyString(), >+ referrerPolicy(), > m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr), > scriptCharset(), > m_element.localName(), >@@ -335,6 +336,7 @@ bool ScriptElement::requestModuleScript(const TextPosition& scriptStartPosition) > auto script = LoadableModuleScript::create( > nonce, > m_element.document().settings().subresourceIntegrityEnabled() ? m_element.attributeWithoutSynchronization(HTMLNames::integrityAttr).string() : emptyString(), >+ referrerPolicy(), > crossOriginMode, > scriptCharset(), > m_element.localName(), >@@ -344,7 +346,7 @@ bool ScriptElement::requestModuleScript(const TextPosition& scriptStartPosition) > return true; > } > >- auto script = LoadableModuleScript::create(nonce, emptyString(), crossOriginMode, scriptCharset(), m_element.localName(), m_element.isInUserAgentShadowTree()); >+ auto script = LoadableModuleScript::create(nonce, emptyString(), referrerPolicy(), crossOriginMode, scriptCharset(), m_element.localName(), m_element.isInUserAgentShadowTree()); > > TextPosition position = m_element.document().isInDocumentWrite() ? TextPosition() : scriptStartPosition; > ScriptSourceCode sourceCode(scriptContent(), URL(m_element.document().url()), position, JSC::SourceProviderSourceType::Module, script.copyRef()); >diff --git a/Source/WebCore/dom/ScriptElement.h b/Source/WebCore/dom/ScriptElement.h >index ac1d7d4dff880fb32ab641d1659b1d422f96ecca..4fed24ce775d8db34feb4403cf9c186fd2943162 100644 >--- a/Source/WebCore/dom/ScriptElement.h >+++ b/Source/WebCore/dom/ScriptElement.h >@@ -23,6 +23,7 @@ > > #include "ContainerNode.h" > #include "LoadableScript.h" >+#include "ReferrerPolicy.h" > #include "UserGestureIndicator.h" > #include <wtf/MonotonicTime.h> > #include <wtf/text/TextPosition.h> >@@ -113,6 +114,7 @@ private: > virtual bool hasDeferAttribute() const = 0; > virtual bool hasSourceAttribute() const = 0; > virtual bool hasNoModuleAttribute() const = 0; >+ virtual ReferrerPolicy referrerPolicy() const = 0; > > Element& m_element; > WTF::OrdinalNumber m_startLineNumber; >diff --git a/Source/WebCore/dom/ScriptElementCachedScriptFetcher.h b/Source/WebCore/dom/ScriptElementCachedScriptFetcher.h >index 03c3896dbed8e462aa9916d8ac7ba68f90ef3fd6..8a759ebc5062f8eba00772765df7c66d156b9a78 100644 >--- a/Source/WebCore/dom/ScriptElementCachedScriptFetcher.h >+++ b/Source/WebCore/dom/ScriptElementCachedScriptFetcher.h >@@ -39,8 +39,8 @@ public: > const String& crossOriginMode() const { return m_crossOriginMode; } > > protected: >- ScriptElementCachedScriptFetcher(const String& nonce, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >- : CachedScriptFetcher(nonce, charset, initiatorName, isInUserAgentShadowTree) >+ ScriptElementCachedScriptFetcher(const String& nonce, const ReferrerPolicy& policy, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) >+ : CachedScriptFetcher(nonce, policy, charset, initiatorName, isInUserAgentShadowTree) > , m_crossOriginMode(crossOriginMode) > { > } >diff --git a/Source/WebCore/html/HTMLIFrameElement.cpp b/Source/WebCore/html/HTMLIFrameElement.cpp >index ee3d1dfb07eec7ef16d13404b67fefcc10a783fa..c153024fd3be4527600cba70914adb0fcfd53ef1 100644 >--- a/Source/WebCore/html/HTMLIFrameElement.cpp >+++ b/Source/WebCore/html/HTMLIFrameElement.cpp >@@ -119,28 +119,7 @@ void HTMLIFrameElement::setReferrerPolicyForBindings(const AtomicString& value) > > String HTMLIFrameElement::referrerPolicyForBindings() const > { >- switch (referrerPolicy()) { >- case ReferrerPolicy::NoReferrer: >- return "no-referrer"_s; >- case ReferrerPolicy::UnsafeUrl: >- return "unsafe-url"_s; >- case ReferrerPolicy::Origin: >- return "origin"_s; >- case ReferrerPolicy::OriginWhenCrossOrigin: >- return "origin-when-cross-origin"_s; >- case ReferrerPolicy::SameOrigin: >- return "same-origin"_s; >- case ReferrerPolicy::StrictOrigin: >- return "strict-origin"_s; >- case ReferrerPolicy::StrictOriginWhenCrossOrigin: >- return "strict-origin-when-cross-origin"_s; >- case ReferrerPolicy::NoReferrerWhenDowngrade: >- return "no-referrer-when-downgrade"_s; >- case ReferrerPolicy::EmptyString: >- return { }; >- } >- ASSERT_NOT_REACHED(); >- return { }; >+ return referrerPolicyToString(referrerPolicy()); > } > > ReferrerPolicy HTMLIFrameElement::referrerPolicy() const >diff --git a/Source/WebCore/html/HTMLScriptElement.cpp b/Source/WebCore/html/HTMLScriptElement.cpp >index 60610984024c18dcceeb02a78c380d946feeaa74..3b02011e9276919f287626218179556ab54b95e1 100644 >--- a/Source/WebCore/html/HTMLScriptElement.cpp >+++ b/Source/WebCore/html/HTMLScriptElement.cpp >@@ -184,4 +184,21 @@ Ref<Element> HTMLScriptElement::cloneElementWithoutAttributesAndChildren(Documen > return adoptRef(*new HTMLScriptElement(tagQName(), targetDocument, false, alreadyStarted())); > } > >+void HTMLScriptElement::setReferrerPolicyForBindings(const AtomicString& value) >+{ >+ setAttributeWithoutSynchronization(referrerpolicyAttr, value); >+} >+ >+String HTMLScriptElement::referrerPolicyForBindings() const >+{ >+ return referrerPolicyToString(referrerPolicy()); >+} >+ >+ReferrerPolicy HTMLScriptElement::referrerPolicy() const >+{ >+ if (RuntimeEnabledFeatures::sharedFeatures().referrerPolicyAttributeEnabled()) >+ return parseReferrerPolicy(attributeWithoutSynchronization(referrerpolicyAttr), ReferrerPolicySource::ReferrerPolicyAttribute).valueOr(ReferrerPolicy::EmptyString); >+ return ReferrerPolicy::EmptyString; >+} >+ > } >diff --git a/Source/WebCore/html/HTMLScriptElement.h b/Source/WebCore/html/HTMLScriptElement.h >index bd1e3ed2f25ede6d92398715d7914793fde0f516..4a0977f34292851a8d9bfa6cdabe683bb8970372 100644 >--- a/Source/WebCore/html/HTMLScriptElement.h >+++ b/Source/WebCore/html/HTMLScriptElement.h >@@ -44,6 +44,10 @@ public: > WEBCORE_EXPORT void setCrossOrigin(const AtomicString&); > WEBCORE_EXPORT String crossOrigin() const; > >+ void setReferrerPolicyForBindings(const AtomicString&); >+ String referrerPolicyForBindings() const; >+ ReferrerPolicy referrerPolicy() const final; >+ > using HTMLElement::ref; > using HTMLElement::deref; > >diff --git a/Source/WebCore/html/HTMLScriptElement.idl b/Source/WebCore/html/HTMLScriptElement.idl >index cb9e6b14e39eec153c3bc72aafb237555f3562a4..6a7fc601fcb7c23bd5a4af0538a530219498b7e8 100644 >--- a/Source/WebCore/html/HTMLScriptElement.idl >+++ b/Source/WebCore/html/HTMLScriptElement.idl >@@ -31,4 +31,5 @@ interface HTMLScriptElement : HTMLElement { > [Reflect] attribute DOMString nonce; > [CEReactions=NotNeeded, Reflect] attribute boolean noModule; > [CEReactions=NotNeeded, Reflect, EnabledBySetting=SubresourceIntegrity] attribute DOMString integrity; >+ [EnabledAtRuntime=ReferrerPolicyAttribute, ImplementedAs=referrerPolicyForBindings, CEReactions=NotNeeded] attribute DOMString referrerPolicy; > }; >diff --git a/Source/WebCore/html/parser/CSSPreloadScanner.cpp b/Source/WebCore/html/parser/CSSPreloadScanner.cpp >index 4c79f80bc212d79572b77d67822a9c69bbd5bb81..e8590ccc69728af39301d3ae8d8988f5c15a4b2a 100644 >--- a/Source/WebCore/html/parser/CSSPreloadScanner.cpp >+++ b/Source/WebCore/html/parser/CSSPreloadScanner.cpp >@@ -201,7 +201,7 @@ void CSSPreloadScanner::emitRule() > if (!url.isEmpty()) { > URL baseElementURL; // FIXME: This should be passed in from the HTMLPreloadScanner via scan(): without it we will get relative URLs wrong. > // FIXME: Should this be including the charset in the preload request? >- m_requests->append(std::make_unique<PreloadRequest>("css", url, baseElementURL, CachedResource::Type::CSSStyleSheet, String(), PreloadRequest::ModuleScript::No)); >+ m_requests->append(std::make_unique<PreloadRequest>("css", url, baseElementURL, CachedResource::Type::CSSStyleSheet, String(), PreloadRequest::ModuleScript::No, ReferrerPolicy::EmptyString)); > } > m_state = Initial; > } else if (equalLettersIgnoringASCIICase(rule, "charset")) >diff --git a/Source/WebCore/html/parser/HTMLPreloadScanner.cpp b/Source/WebCore/html/parser/HTMLPreloadScanner.cpp >index d71ec552505745816d55364e3fab6eb1c8e90c0b..2eb725f11013fafc7bdc19d3e8d264e36a0f956c 100644 >--- a/Source/WebCore/html/parser/HTMLPreloadScanner.cpp >+++ b/Source/WebCore/html/parser/HTMLPreloadScanner.cpp >@@ -161,7 +161,7 @@ public: > if (!LinkLoader::isSupportedType(type.value(), m_typeAttribute)) > return nullptr; > >- auto request = std::make_unique<PreloadRequest>(initiatorFor(m_tagId), m_urlToLoad, predictedBaseURL, type.value(), m_mediaAttribute, m_moduleScript); >+ auto request = std::make_unique<PreloadRequest>(initiatorFor(m_tagId), m_urlToLoad, predictedBaseURL, type.value(), m_mediaAttribute, m_moduleScript, m_referrerPolicy); > request->setCrossOriginMode(m_crossOriginMode); > request->setNonce(m_nonceAttribute); > >@@ -236,8 +236,13 @@ private: > if (match(attributeName, typeAttr)) { > m_moduleScript = equalLettersIgnoringASCIICase(attributeValue, "module") ? PreloadRequest::ModuleScript::Yes : PreloadRequest::ModuleScript::No; > break; >- } else if (match(attributeName, nonceAttr)) >+ } else if (match(attributeName, nonceAttr)) { > m_nonceAttribute = attributeValue; >+ break; >+ } else if (match(attributeName, referrerpolicyAttr)) { >+ m_referrerPolicy = parseReferrerPolicy(attributeValue, ReferrerPolicySource::ReferrerPolicyAttribute).valueOr(ReferrerPolicy::EmptyString); >+ break; >+ } > processImageAndScriptAttribute(attributeName, attributeValue); > break; > case TagId::Link: >@@ -370,6 +375,7 @@ private: > bool m_inputIsImage; > float m_deviceScaleFactor; > PreloadRequest::ModuleScript m_moduleScript { PreloadRequest::ModuleScript::No }; >+ ReferrerPolicy m_referrerPolicy { ReferrerPolicy::EmptyString }; > }; > > TokenPreloadScanner::TokenPreloadScanner(const URL& documentURL, float deviceScaleFactor) >diff --git a/Source/WebCore/html/parser/HTMLResourcePreloader.cpp b/Source/WebCore/html/parser/HTMLResourcePreloader.cpp >index 3d006ab04bf528764f9f0c844abf46e0d63631ff..082195669f1de76db91a82e493aafa32d8d68225 100644 >--- a/Source/WebCore/html/parser/HTMLResourcePreloader.cpp >+++ b/Source/WebCore/html/parser/HTMLResourcePreloader.cpp >@@ -59,6 +59,8 @@ CachedResourceRequest PreloadRequest::resourceRequest(Document& document) > if (crossOriginMode.isNull()) > crossOriginMode = "omit"_s; > } >+ if (m_resourceType == CachedResource::Type::Script) >+ options.referrerPolicy = m_referrerPolicy; > auto request = createPotentialAccessControlRequest(completeURL(document), document, crossOriginMode, WTFMove(options)); > request.setInitiator(m_initiator); > return request; >diff --git a/Source/WebCore/html/parser/HTMLResourcePreloader.h b/Source/WebCore/html/parser/HTMLResourcePreloader.h >index dae7464b38387c475618af3169ef31f5f047deeb..45735a6b7958871142d9a632ccb155955514450a 100644 >--- a/Source/WebCore/html/parser/HTMLResourcePreloader.h >+++ b/Source/WebCore/html/parser/HTMLResourcePreloader.h >@@ -37,13 +37,14 @@ public: > Yes, > No, > }; >- PreloadRequest(const String& initiator, const String& resourceURL, const URL& baseURL, CachedResource::Type resourceType, const String& mediaAttribute, ModuleScript moduleScript) >+ PreloadRequest(const String& initiator, const String& resourceURL, const URL& baseURL, CachedResource::Type resourceType, const String& mediaAttribute, ModuleScript moduleScript, const ReferrerPolicy& referrerPolicy) > : m_initiator(initiator) > , m_resourceURL(resourceURL) > , m_baseURL(baseURL.isolatedCopy()) > , m_resourceType(resourceType) > , m_mediaAttribute(mediaAttribute) > , m_moduleScript(moduleScript) >+ , m_referrerPolicy(referrerPolicy) > { > } > >@@ -68,6 +69,7 @@ private: > String m_crossOriginMode; > String m_nonceAttribute; > ModuleScript m_moduleScript; >+ ReferrerPolicy m_referrerPolicy; > }; > > typedef Vector<std::unique_ptr<PreloadRequest>> PreloadRequestStream; >diff --git a/Source/WebCore/platform/ReferrerPolicy.cpp b/Source/WebCore/platform/ReferrerPolicy.cpp >index f161854ae8f1d7dc59544c7d5f26f857c8938b61..f7e97c2a945b73e485073bb73b2e1f3f2ce55aea 100644 >--- a/Source/WebCore/platform/ReferrerPolicy.cpp >+++ b/Source/WebCore/platform/ReferrerPolicy.cpp >@@ -89,4 +89,30 @@ Optional<ReferrerPolicy> parseReferrerPolicy(StringView policyString, ReferrerPo > return WTF::nullopt; > } > >+String referrerPolicyToString(const ReferrerPolicy& referrerPolicy) >+{ >+ switch (referrerPolicy) { >+ case ReferrerPolicy::NoReferrer: >+ return "no-referrer"_s; >+ case ReferrerPolicy::UnsafeUrl: >+ return "unsafe-url"_s; >+ case ReferrerPolicy::Origin: >+ return "origin"_s; >+ case ReferrerPolicy::OriginWhenCrossOrigin: >+ return "origin-when-cross-origin"_s; >+ case ReferrerPolicy::SameOrigin: >+ return "same-origin"_s; >+ case ReferrerPolicy::StrictOrigin: >+ return "strict-origin"_s; >+ case ReferrerPolicy::StrictOriginWhenCrossOrigin: >+ return "strict-origin-when-cross-origin"_s; >+ case ReferrerPolicy::NoReferrerWhenDowngrade: >+ return "no-referrer-when-downgrade"_s; >+ case ReferrerPolicy::EmptyString: >+ return { }; >+ } >+ ASSERT_NOT_REACHED(); >+ return { }; >+} >+ > } // namespace WebCore >diff --git a/Source/WebCore/platform/ReferrerPolicy.h b/Source/WebCore/platform/ReferrerPolicy.h >index ef52137ab637ca9c55b1041533316685093fcb81..d5d498465e1abecd8beea3e4d6d40e48348711ef 100644 >--- a/Source/WebCore/platform/ReferrerPolicy.h >+++ b/Source/WebCore/platform/ReferrerPolicy.h >@@ -50,6 +50,7 @@ enum class ReferrerPolicy : uint8_t { > > enum class ReferrerPolicySource : uint8_t { MetaTag, HTTPHeader, ReferrerPolicyAttribute }; > Optional<ReferrerPolicy> parseReferrerPolicy(StringView, ReferrerPolicySource); >+String referrerPolicyToString(const ReferrerPolicy&); > > } > >diff --git a/Source/WebCore/svg/SVGScriptElement.h b/Source/WebCore/svg/SVGScriptElement.h >index f15f3b7cf6f93af148d5032a10dd2b0167afabaf..acf22f42252646d55fcefb2b0197ddf8f67500e6 100644 >--- a/Source/WebCore/svg/SVGScriptElement.h >+++ b/Source/WebCore/svg/SVGScriptElement.h >@@ -65,6 +65,7 @@ private: > bool hasAsyncAttribute() const final { return false; } > bool hasDeferAttribute() const final { return false; } > bool hasNoModuleAttribute() const final { return false; } >+ ReferrerPolicy referrerPolicy() const final { return ReferrerPolicy::EmptyString; } > bool hasSourceAttribute() const final { return hasAttribute(SVGNames::hrefAttr) || hasAttribute(XLinkNames::hrefAttr); } > > void dispatchLoadEvent() final { SVGExternalResourcesRequired::dispatchLoadEvent(); } >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 51dd24fe0d9c614c37777738f94b69bec7c9111a..1ed844c9f34944c1757ba5cbc99a2d4f16da22d9 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,63 @@ >+2019-05-29 Rob Buis <rbuis@igalia.com> >+ >+ Add referrerpolicy attribute support for <script> elements >+ >+ https://bugs.webkit.org/show_bug.cgi?id=185550 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Add tests for scripts with various referrerpolicy attribute values. >+ >+ * http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http-expected.txt: Added. >+ * http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html: Added. >+ * http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https-expected.txt: Added. >+ * http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html: Added. >+ * http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin-expected.txt: Added. >+ * http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html: Added. >+ * http/tests/referrer-policy-script/no-referrer/cross-origin-http-http-expected.txt: Added. >+ * http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html: Added. >+ * http/tests/referrer-policy-script/no-referrer/cross-origin-http.https-expected.txt: Added. >+ * http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html: Added. >+ * http/tests/referrer-policy-script/no-referrer/same-origin-expected.txt: Added. >+ * http/tests/referrer-policy-script/no-referrer/same-origin.html: Added. >+ * http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http-expected.txt: Added. >+ * http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html: Added. >+ * http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https-expected.txt: Added. >+ * http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html: Added. >+ * http/tests/referrer-policy-script/origin-when-cross-origin/same-origin-expected.txt: Added. >+ * http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html: Added. >+ * http/tests/referrer-policy-script/origin/cross-origin-http-http-expected.txt: Added. >+ * http/tests/referrer-policy-script/origin/cross-origin-http-http.html: Added. >+ * http/tests/referrer-policy-script/origin/cross-origin-http.https-expected.txt: Added. >+ * http/tests/referrer-policy-script/origin/cross-origin-http.https.html: Added. >+ * http/tests/referrer-policy-script/origin/same-origin-expected.txt: Added. >+ * http/tests/referrer-policy-script/origin/same-origin.html: Added. >+ * http/tests/referrer-policy-script/same-origin/cross-origin-http-http-expected.txt: Added. >+ * http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html: Added. >+ * http/tests/referrer-policy-script/same-origin/cross-origin-http.https-expected.txt: Added. >+ * http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html: Added. >+ * http/tests/referrer-policy-script/same-origin/same-origin-expected.txt: Added. >+ * http/tests/referrer-policy-script/same-origin/same-origin.html: Added. >+ * http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt: Added. >+ * http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html: Added. >+ * http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt: Added. >+ * http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html: Added. >+ * http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin-expected.txt: Added. >+ * http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html: Added. >+ * http/tests/referrer-policy-script/strict-origin/cross-origin-http-http-expected.txt: Added. >+ * http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html: Added. >+ * http/tests/referrer-policy-script/strict-origin/cross-origin-http.https-expected.txt: Added. >+ * http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html: Added. >+ * http/tests/referrer-policy-script/strict-origin/same-origin-expected.txt: Added. >+ * http/tests/referrer-policy-script/strict-origin/same-origin.html: Added. >+ * http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http-expected.txt: Added. >+ * http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html: Added. >+ * http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https-expected.txt: Added. >+ * http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html: Added. >+ * http/tests/referrer-policy-script/unsafe-url/same-origin-expected.txt: Added. >+ * http/tests/referrer-policy-script/unsafe-url/same-origin.html: Added. >+ * http/tests/referrer-policy/resources/script.php: Added. >+ > 2019-05-28 Yacine Bandou <yacine.bandou@softathome.com> > > [MSE][GStreamer] update the readyState correctly in MediaPlayerPrivateGStreamerMSE >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..9774e089df043ac12075407c44faded2fa0fcda1 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html >new file mode 100644 >index 0000000000000000000000000000000000000000..f3e7b2a3437df840991ea213cc45986081f5ac4c >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the full URL >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http-http.html"); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer-when-downgrade"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..fab35633a57317094df6857c13b8197b00b3e5c5 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https-expected.txt >@@ -0,0 +1,14 @@ >+CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html was not allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html was allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin from HTTPS to HTTP. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html >new file mode 100644 >index 0000000000000000000000000000000000000000..0ced72f7a2d6791176e20c73763fd544cb163d1f >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html >@@ -0,0 +1,23 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of no-referrer-when-downgrade referrer policy when cross origin from HTTPS to HTTP."); >+jsTestIsAsync = true; >+ >+if (window.internals) >+ internals.settings.setAllowRunningOfInsecureContent(true); >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the empty string >+ shouldBeEqualToString("referrer", ""); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer-when-downgrade"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..e1eb2682031d32cc212b9e94b945cd8a566b8496 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of no-referrer-when-downgrade referrer policy when same origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/no-referrer-when-downgrade/same-origin.html" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html >new file mode 100644 >index 0000000000000000000000000000000000000000..0fb8e436ff2781e6d068431954b2aace10d2de89 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/same-origin.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of no-referrer-when-downgrade referrer policy when same origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the full URL >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/no-referrer-when-downgrade/same-origin.html"); >+ finishJSTest(); >+} >+</script> >+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy=no-referrer-when-downgrade"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..17d7c3e2d627d6d6eb884b63c367026c80164ffc >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of no-referrer referrer policy when cross origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html >new file mode 100644 >index 0000000000000000000000000000000000000000..f79f9b61c9f3996213adcd0a7240592429640093 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http-http.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of no-referrer referrer policy when cross origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the empty string >+ shouldBeEqualToString("referrer", ""); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..0e294bb1041f21f1f1034718120439282286a7d1 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https-expected.txt >@@ -0,0 +1,14 @@ >+CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/referrer-policy-script/no-referrer/cross-origin-http.https.html was not allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-script/no-referrer/cross-origin-http.https.html was allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+Tests the behavior of no-referrer referrer policy when cross origin from HTTPS to HTTP. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html >new file mode 100644 >index 0000000000000000000000000000000000000000..87587e28aec9cfae2a28e75561944f0b6294a20f >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html >@@ -0,0 +1,23 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of no-referrer referrer policy when cross origin from HTTPS to HTTP."); >+jsTestIsAsync = true; >+ >+if (window.internals) >+ internals.settings.setAllowRunningOfInsecureContent(true); >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the empty string >+ shouldBeEqualToString("referrer", ""); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..19114a6477a04c8ce6ac0c66be525004e1e4dc20 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of no-referrer referrer policy when same origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin.html >new file mode 100644 >index 0000000000000000000000000000000000000000..34283123d5b51fd97690a1d6cc27264e0d14c7c9 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/no-referrer/same-origin.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of no-referrer referrer policy when same origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the empty string >+ shouldBeEqualToString("referrer", ""); >+ finishJSTest(); >+} >+</script> >+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="no-referrer"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..28d62890f666ef3d35d49368845fad123fc12fdc >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of origin-when-cross-origin referrer policy when cross origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html >new file mode 100644 >index 0000000000000000000000000000000000000000..839205746f89739bc87cc9c8794168cb475f2628 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http-http.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of origin-when-cross-origin referrer policy when cross origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the origin, not the full URL, because we are cross-origin. >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/"); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin-when-cross-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..95015bd48769e16632262080cb688add8015bdd4 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https-expected.txt >@@ -0,0 +1,14 @@ >+CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html was not allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html was allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+Tests the behavior of origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "https://127.0.0.1:8443/" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html >new file mode 100644 >index 0000000000000000000000000000000000000000..8e9beb1a8ec5354cf278fd18ca1b449ee74afc20 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html >@@ -0,0 +1,23 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP."); >+jsTestIsAsync = true; >+ >+if (window.internals) >+ internals.settings.setAllowRunningOfInsecureContent(true); >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the origin, not the full URL, because we are cross-origin. >+ shouldBeEqualToString("referrer", "https://127.0.0.1:8443/"); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin-when-cross-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..c83210bf4b54927849e1a1b4cb1e86cd0ca4ed5b >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of origin-when-cross-origin referrer policy when same origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/origin-when-cross-origin/same-origin.html" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html >new file mode 100644 >index 0000000000000000000000000000000000000000..f0ba675f82653d330902432350d2c9aafa1ce12a >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/same-origin.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of origin-when-cross-origin referrer policy when same origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the full URL because we are same-origin. >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/origin-when-cross-origin/same-origin.html"); >+ finishJSTest(); >+} >+</script> >+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="origin-when-cross-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..83c2309e90e30426ece275a8deb223b2f4ae97dd >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of origin referrer policy when cross origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http.html >new file mode 100644 >index 0000000000000000000000000000000000000000..38335b77e3880e9c094eb221deb9eb467f64b024 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http-http.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of origin referrer policy when cross origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the origin >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/"); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..3c0ed15473af08e9fe9cf2a9427567f5af4cc5df >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https-expected.txt >@@ -0,0 +1,14 @@ >+CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/referrer-policy-script/origin/cross-origin-http.https.html was not allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-script/origin/cross-origin-http.https.html was allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+Tests the behavior of origin referrer policy when cross origin from HTTPS to HTTP. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "https://127.0.0.1:8443/" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https.html >new file mode 100644 >index 0000000000000000000000000000000000000000..2bd269b2242754aec8fd2f8d075777aecd772b42 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https.html >@@ -0,0 +1,23 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of origin referrer policy when cross origin from HTTPS to HTTP."); >+jsTestIsAsync = true; >+ >+if (window.internals) >+ internals.settings.setAllowRunningOfInsecureContent(true); >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the origin >+ shouldBeEqualToString("referrer", "https://127.0.0.1:8443/"); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/origin/same-origin-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..f59fc57f6653e4c0380a8826687db6e3b6f99eb5 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin/same-origin-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of origin referrer policy when same origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/origin/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/origin/same-origin.html >new file mode 100644 >index 0000000000000000000000000000000000000000..260ac6212fda5d2fcd1ac41471bc18e502afd05e >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/origin/same-origin.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of origin referrer policy when same origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the origin >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/"); >+ finishJSTest(); >+} >+</script> >+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..1baae630f6ae83476ddd3c035afc2399b4f6d05a >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of same-origin referrer policy when cross origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html >new file mode 100644 >index 0000000000000000000000000000000000000000..8b73c72d77540536b52ac74a4ee2d2ba3f5dcd52 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http-http.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of same-origin referrer policy when cross origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the empty string because we are cross-origin. >+ shouldBeEqualToString("referrer", ""); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="same-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..203dab80d6f958235a2bc646bbfcdbf85dc6f58e >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https-expected.txt >@@ -0,0 +1,14 @@ >+CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/referrer-policy-script/same-origin/cross-origin-http.https.html was not allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-script/same-origin/cross-origin-http.https.html was allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+Tests the behavior of same-origin referrer policy when cross origin from HTTPS to HTTP. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html >new file mode 100644 >index 0000000000000000000000000000000000000000..8051bf7ad2dd99f152a2410a1776cedba4b42506 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html >@@ -0,0 +1,23 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of same-origin referrer policy when cross origin from HTTPS to HTTP."); >+jsTestIsAsync = true; >+ >+if (window.internals) >+ internals.settings.setAllowRunningOfInsecureContent(true); >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the empty string because we are cross-origin. >+ shouldBeEqualToString("referrer", ""); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="same-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..ea40ae8535f8cf42efe6f7022d5da3a3404dcc82 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of same-origin referrer policy when same origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/same-origin/same-origin.html" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin.html >new file mode 100644 >index 0000000000000000000000000000000000000000..10c03270caa5a02a420505ee43f815747259eb27 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/same-origin/same-origin.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of same-origin referrer policy when same origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the full URL because we are same-origin. >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/same-origin/same-origin.html"); >+ finishJSTest(); >+} >+</script> >+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="same-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..f2fde089bbda7d9dabee285bab1d35d766e19c4d >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html >new file mode 100644 >index 0000000000000000000000000000000000000000..d0706b9a69d2d5a1e5340403a4f45fb60de92f97 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http-http.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the origin, not the full URL, because we are cross-origin. >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/"); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin-when-cross-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..15d84026bf801ca2dae75d6fe8bb0e020b487356 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt >@@ -0,0 +1,14 @@ >+CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html was not allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html was allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html >new file mode 100644 >index 0000000000000000000000000000000000000000..d2d41b30d8546e420b8460a442691e9269a5ea36 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html >@@ -0,0 +1,23 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of strict-origin-when-cross-origin referrer policy when cross origin from HTTPS to HTTP."); >+jsTestIsAsync = true; >+ >+if (window.internals) >+ internals.settings.setAllowRunningOfInsecureContent(true); >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the empty string because we are cross-origin and going from HTTPS to HTTP. >+ shouldBeEqualToString("referrer", ""); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin-when-cross-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..f72d248bfab09f2f7a6748bb4dbb1194c5d59335 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of strict-origin-when-cross-origin referrer policy when same origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html >new file mode 100644 >index 0000000000000000000000000000000000000000..3bd3f4d4910a9cb37c32b7dd5dd02a1f06e00406 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of strict-origin-when-cross-origin referrer policy when same origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the full URL because we are same-origin. >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/strict-origin-when-cross-origin/same-origin.html"); >+ finishJSTest(); >+} >+</script> >+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin-when-cross-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..da95369e413abb00464d5c5d96beabadb100479f >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of strict-origin referrer policy when cross origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html >new file mode 100644 >index 0000000000000000000000000000000000000000..2692961facdd35155298f5d9b13f5c818068a022 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http-http.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of strict-origin referrer policy when cross origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the origin, not the full URL. >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/"); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..7db45a08052152d7c9d8bf42d309a403ed2f2e3f >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https-expected.txt >@@ -0,0 +1,14 @@ >+CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/referrer-policy-script/strict-origin/cross-origin-http.https.html was not allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-script/strict-origin/cross-origin-http.https.html was allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+Tests the behavior of strict-origin referrer policy when cross origin from HTTPS to HTTP. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html >new file mode 100644 >index 0000000000000000000000000000000000000000..ded68b6d3f476496df74b47854d3b4ff988f04ca >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html >@@ -0,0 +1,23 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of strict-origin referrer policy when cross origin from HTTPS to HTTP."); >+jsTestIsAsync = true; >+ >+if (window.internals) >+ internals.settings.setAllowRunningOfInsecureContent(true); >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the empty string because we are going from HTTPS to HTTP. >+ shouldBeEqualToString("referrer", ""); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..057bdd0ef267957d9b19275103914679699bef41 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of strict-origin referrer policy when same origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin.html >new file mode 100644 >index 0000000000000000000000000000000000000000..21ee31156944ccc1cf3c1031f95080bde3eda7fd >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/strict-origin/same-origin.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of strict-origin referrer policy when same origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the origin, not the full URL. >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/"); >+ finishJSTest(); >+} >+</script> >+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="strict-origin"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http-expected.txt b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..0b0f03e7b190a229f7017c0cc1424603972301d8 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of unsafe-url referrer policy when cross origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/unsafe-url/cross-origin-http-http.html" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html >new file mode 100644 >index 0000000000000000000000000000000000000000..71e1bfa589bf04404aa563fb8fda9d33c0481b94 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http-http.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of unsafe-url referrer policy when cross origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the full URL >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/unsafe-url/cross-origin-http-http.html"); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="unsaf-url"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https-expected.txt b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..e1570d19c5a690dfebd0f7ce2adf01422fd1e1cf >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https-expected.txt >@@ -0,0 +1,14 @@ >+CONSOLE MESSAGE: line 4: [blocked] The page at https://127.0.0.1:8443/referrer-policy-script/unsafe-url/cross-origin-http.https.html was not allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+CONSOLE MESSAGE: The page at https://127.0.0.1:8443/referrer-policy-script/unsafe-url/cross-origin-http.https.html was allowed to run insecure content from http://localhost:8000/referrer-policy/resources/script.php. >+ >+Tests the behavior of unsafe-url referrer policy when cross origin from HTTPS to HTTP. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "https://127.0.0.1:8443/referrer-policy-script/unsafe-url/cross-origin-http.https.html" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html >new file mode 100644 >index 0000000000000000000000000000000000000000..efc3a84b089851363f6eceda52a8ea9aefea3cae >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html >@@ -0,0 +1,23 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of unsafe-url referrer policy when cross origin from HTTPS to HTTP."); >+jsTestIsAsync = true; >+ >+if (window.internals) >+ internals.settings.setAllowRunningOfInsecureContent(true); >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the full URL >+ shouldBeEqualToString("referrer", "https://127.0.0.1:8443/referrer-policy-script/unsafe-url/cross-origin-http.https.html"); >+ finishJSTest(); >+} >+</script> >+<script src="http://localhost:8000/referrer-policy/resources/script.php" referrerpolicy="unsafe-url"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin-expected.txt b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..6b67f0d79290af91daae5108bc29f191d08a9f4d >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin-expected.txt >@@ -0,0 +1,10 @@ >+Tests the behavior of unsafe-url referrer policy when same origin. >+ >+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". >+ >+ >+PASS referrer is "http://127.0.0.1:8000/referrer-policy-script/unsafe-url/same-origin.html" >+PASS successfullyParsed is true >+ >+TEST COMPLETE >+ >diff --git a/LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin.html b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin.html >new file mode 100644 >index 0000000000000000000000000000000000000000..e5eddebb77d7feb6dba196537957c0e7b22b4a61 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy-script/unsafe-url/same-origin.html >@@ -0,0 +1,20 @@ >+<!DOCTYPE html> >+<html> >+<head> >+<script src="/js-test-resources/js-test.js"></script> >+</head> >+<body> >+<script> >+description("Tests the behavior of unsafe-url referrer policy when same origin."); >+jsTestIsAsync = true; >+ >+function checkReferrer(value) { >+ referrer = value; >+ // Should be the full URL >+ shouldBeEqualToString("referrer", "http://127.0.0.1:8000/referrer-policy-script/unsafe-url/same-origin.html"); >+ finishJSTest(); >+} >+</script> >+<script src="http://127.0.0.1:8000/referrer-policy/resources/script.php" referrerpolicy="unsafe-url"></script> >+</body> >+</html> >diff --git a/LayoutTests/http/tests/referrer-policy/resources/script.php b/LayoutTests/http/tests/referrer-policy/resources/script.php >new file mode 100644 >index 0000000000000000000000000000000000000000..bc23c710a74530e577935fdb043973eb349d5dd8 >--- /dev/null >+++ b/LayoutTests/http/tests/referrer-policy/resources/script.php >@@ -0,0 +1,5 @@ >+<?php >+header("Cache: no-cache, no-store"); >+$refer = $_SERVER['HTTP_REFERER']; >+print("checkReferrer('$refer');"); >+?>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=370878">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185550
:
370716
|
370751
|
370759
|
370761
|
370765
|
370768
|
370772
|
370833
|
370835
|
370870
|
370878
|
370884
|
370886
|
370889
|
370892
|
370918
|
370926
|
370928
|
370931
|
370933
|
370936
|
370939
|
374201
|
374204