diff options
| author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
|---|---|---|
| committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
| commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
| tree | 10027f336435511475e392454359edea8e25895d /testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp | |
| parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
| download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip | |
Add m-esr52 at 52.6.0
Diffstat (limited to 'testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp')
120 files changed, 2580 insertions, 0 deletions
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..301edeccd --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..e398d4662 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..eb995697d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..a05ee8ec3 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..00e0b12f9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..4e1745300 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..99be5759b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..8b4c4a85c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..3a808fa16 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..e6a4a48ef --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..5b6a0f069 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..45a76a776 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..a3f6a8b60 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..013ad95a1 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..eb834de9b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..a3f6d25c8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..7e456c402 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..6684bb31e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..293756816 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..695a773b0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..f7e7f0bf2 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..a54cf8649 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..b7adfc59b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..6639c028e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..f6e4ba09b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..8aaee1ba9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..0a7d63121 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..5c4afd6b4 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..bd9dec511 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..dd03fe581 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..5b0157e85 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..47a08ddf8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..be990f211 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..8cf74125a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..7cb08817b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..2a4bde0b9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..55ccac1f1 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..36e1fed42 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..fc4a9865c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..c0fe57edd --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..dffd45534 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..79d8995f9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..d521c1671 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..6299e8ec7 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..c67433bb7 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..8b46cf583 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..94290a0c4 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..dd800d38e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..96b2d3201 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..75f0f3334 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..97c4bb92e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..f6e9650e2 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..71ff29503 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..399bb0c14 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..2ec45b40a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..6a93f8429 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..9b72d4bbb --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..a7fac6177 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..6e8a612c8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..68cc56301 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title> + <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "no-referrer-when-downgrade", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..f2152da95 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: no-referrer-when-downgrade +Access-Control-Allow-Origin: * |