diff options
| author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
|---|---|---|
| committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
| commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
| tree | 10027f336435511475e392454359edea8e25895d /testing/web-platform/tests/referrer-policy/strict-origin/http-rp | |
| parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
| download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip | |
Add m-esr52 at 52.6.0
Diffstat (limited to 'testing/web-platform/tests/referrer-policy/strict-origin/http-rp')
120 files changed, 2580 insertions, 0 deletions
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..b8bfa369c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..e7abb5524 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..ee0f6a65e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..6e0f4dd79 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..6dcc1de0c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..dd867e250 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..a8a664fab --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..778eace94 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..151cdf90d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..8356d3b18 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..be8889a92 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..f579e9627 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..6771dfdc2 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..82b6165be --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..850b62b05 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..8dd238f17 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..d0c92c8c3 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..80aba4f30 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..76edcef00 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..0c9a64d75 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..7261e079b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..e3d99ada9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..bf4f76c42 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..3568a5853 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..34678b6e0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..fd6fa84b8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..8e2f26110 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..f1ef4905a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..882ec58e8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..61222c061 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..07324af6d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..74f5a7ccc --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..e0c913583 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..28616e8af --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..4fb70527b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..dc4f644b7 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..829b2b072 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..e2be71dd9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..b3d3dc54a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..56fdc7923 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..62397c248 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..183620ee8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..dce61d41d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html new file mode 100644 index 000000000..c857f4c76 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..1f137283c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..4a82c2944 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..787d3afc7 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..0a1d40c5f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..999c43e8b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..6330560d9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..4681722ab --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..1487f9645 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..ddd876b91 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..6c92b8d51 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..c2fef2eab --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..51b0a8069 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..ab62bdbee --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..bd5bbed36 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..a3d7e8477 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..e264bc35c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title> + <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..07af8e286 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin +Access-Control-Allow-Origin: * |