summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/referrer-policy
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /testing/web-platform/tests/referrer-policy
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'testing/web-platform/tests/referrer-policy')
-rw-r--r--testing/web-platform/tests/referrer-policy/OWNERS1
-rw-r--r--testing/web-platform/tests/referrer-policy/README.md245
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/common.js212
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/referrer-policy-test-case.js125
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/sanity-checker.js52
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource-test/area-navigate.html39
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource-test/attr-referrer-invalid-value.html25
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource-test/fetch-messaging.html48
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource-test/iframe-messaging.html39
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource-test/image-decoding.html39
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource-test/link-navigate.html39
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource-test/script-messaging.html39
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource-test/worker-messaging.html39
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource-test/xhr-messaging.html39
-rwxr-xr-xtesting/web-platform/tests/referrer-policy/generic/subresource/__init__.py0
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource/document.py12
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource/image.py100
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource/script.py13
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource/subresource.py94
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/subresource/worker.py12
-rwxr-xr-xtesting/web-platform/tests/referrer-policy/generic/subresource/xhr.py15
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/template/disclaimer.template1
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/template/document.html.template16
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/template/script.js.template3
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/template/spec_json.js.template1
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/template/test.debug.html.template70
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/template/test.js.template15
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/template/test.release.html.template20
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/template/test_description.template5
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/template/worker.js.template3
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/tools/__init__.py0
-rwxr-xr-xtesting/web-platform/tests/referrer-policy/generic/tools/clean.py35
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/tools/common_paths.py52
-rwxr-xr-xtesting/web-platform/tests/referrer-policy/generic/tools/generate.py172
-rwxr-xr-xtesting/web-platform/tests/referrer-policy/generic/tools/regenerate3
-rwxr-xr-xtesting/web-platform/tests/referrer-policy/generic/tools/spec_validator.py166
-rw-r--r--testing/web-platform/tests/referrer-policy/generic/unsupported-csp-referrer-directive.html30
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/spec.src.json638
-rw-r--r--testing/web-platform/tests/referrer-policy/spec_json.js1
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers2
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html41
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html40
-rw-r--r--testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html40
1849 files changed, 57218 insertions, 0 deletions
diff --git a/testing/web-platform/tests/referrer-policy/OWNERS b/testing/web-platform/tests/referrer-policy/OWNERS
new file mode 100644
index 000000000..db2d613c2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/OWNERS
@@ -0,0 +1 @@
+@kristijanburnik
diff --git a/testing/web-platform/tests/referrer-policy/README.md b/testing/web-platform/tests/referrer-policy/README.md
new file mode 100644
index 000000000..e8e58e71b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/README.md
@@ -0,0 +1,245 @@
+# Referrer-Policy Web Platform Tests
+
+The Referrer-Policy tests are designed for testing browser implementations and conformance to the [W3 Referrer-Policy Specification](http://w3c.github.io/webappsec/specs/referrer-policy/).
+
+## Project structure
+
+The project contains tools, templates and a seed (```spec.src.json```) for generating tests. The main assertion logic resides in JS files in the root of the ```./generic/``` directory.
+
+This is the overview of the project structure:
+
+```
+.
+└── generic
+ ├── subresource - documents being served as sub-resources (python scripts)
+ ├── subresource-test - sanity checking tests for resource invocation
+ ├── template - the test files template used for generating the tests
+ └── tools - for generating and maintaining the test suite
+└── (genereated_tests_for_a_specification_1)
+└── (genereated_tests_for_a_specification_2)
+└── ...
+└── (genereated_tests_for_a_specification_N)
+```
+
+## The spec JSON
+
+The ```spec.src.json``` defines all the test scenarios for the referrer policy.
+
+Invoking ```./generic/tools/generate.py``` will parse the spec JSON and determine which tests to generate (or skip) while using templates.
+
+
+The spec can be validated by running ```./generic/tools/spec_validator.py```. This is specially important when you're making changes to ```spec.src.json```. Make sure it's a valid JSON (no comments or trailing commas). The validator should be informative and very specific on any issues.
+
+For details about the spec JSON, see **Overview of the spec JSON** below.
+
+
+## Generating and running the tests
+
+The repository already contains generated tests, so if you're making changes,
+see the **Removing all generated tests** section below, on how to remove them before you start generating tests which include your changes.
+
+Start from the command line:
+
+```bash
+
+# Chdir into the tests directory.
+cd ~/web-platform-tests/referrer-policy
+
+# Generate the test resources.
+./generic/tools/generate.py
+
+# Add all generated tests to the repo.
+git add * && git commit -m "Add generated tests"
+
+# Regenerate the manifest.
+../manifest
+
+```
+
+Navigate to [http://web-platform.test:8000/tools/runner/index.html](http://web-platform.test:8000/tools/runner/index.html).
+
+Run tests under path: ```/referrer-policy```.
+
+Click start.
+
+
+## Options for generating tests
+
+The generator script ```./generic/tools/generate.py``` has two targets: ```release``` and ```debug```.
+
+* Using **release** for the target will produce tests using a template for optimizing size and performance. The release template is intended for the official web-platform-tests and possibly other test suites. No sanity checking is done in release mode. Use this option whenever you're checking into web-platform-tests.
+
+* When generating for ```debug```, the produced tests will contain more verbosity and sanity checks. Use this target to identify problems with the test suite when making changes locally. Make sure you don't check in tests generated with the debug target.
+
+Note that **release** is the default target when invoking ```generate.py```.
+
+
+## Removing all generated tests
+
+```bash
+# Chdir into the tests directory.
+cd ~/web-platform-tests/referrer-policy
+
+# Remove all generated tests.
+./generic/tools/clean.py
+
+# Remove all generated tests to the repo.
+git add * && git commit -m "Remove generated tests"
+
+# Regenerate the manifest.
+../manifest
+```
+
+**Important:**
+The ```./generic/tools/clean.py``` utility will only work if there is a valid ```spec.src.json``` and previously generated directories match the specification requirement names. So make sure you run ```clean.py``` before you alter the specification section of the spec JSON.
+
+
+## Updating the tests
+
+The main test logic lives in ```./generic/referrer-policy-test-case.js``` with helper functions defined in ```./generic/common.js``` so you should probably start there.
+
+For updating the test suite you will most likely do **a subset** of the following:
+
+* Add a new sub-resource python script to ```./generic/subresource/```,
+ and update the reference to it in ```spec.src.json```.
+
+* Add a sanity check test for a sub-resource to ```./generic/subresource-test/```.
+
+* Implement new or update existing assertions in ```./generic/referrer-policy-test-case.js```.
+
+* Exclude or add some tests by updating ```spec.src.json``` test expansions.
+
+* Update the template files living in ```./generic/template/```.
+
+* Implement a new delivery method via HTTP headers or as part of the test template in ```./generic/tools/generate.py```
+
+* Update the spec schema by editing ```spec.src.json``` while updating the
+ ```./generic/tools/spec_validator.py``` and ```./generic/tools/generate.py```
+ and making sure both still work after the change (by running them).
+
+* Regenerate the tests and MANIFEST.json
+
+
+## Updating the spec and regenerating
+
+When updating the ```spec.src.json```, e.g. by adding a test expansion pattern to the ```excluded_tests``` section or when removing an expansion in the ```specification``` section, make sure to remove all previously generated files which would still get picked up by ```MANIFEST.json``` in the web-platform-tests root. As long as you don't change the specification requirements' names or remove them, you can easily regenerate the tests via command line:
+
+```bash
+
+# Chdir into the tests directory.
+cd ~/web-platform-tests/referrer-policy
+
+# Regenerate the test resources.
+./generic/tools/regenerate
+
+# Add all the tests to the repo.
+git add * && git commit -m "Update generated tests"
+
+# Regenerate the manifest.
+../manifest
+
+
+```
+
+
+## Overview of the spec JSON
+
+**Main sections:**
+
+* **specification**
+
+ Top level requirements with description fields and a ```test_expansion``` rule.
+ This is closely mimicking the [Referrer Policy specification](http://w3c.github.io/webappsec/specs/referrer-policy/) structure.
+
+* **excluded_tests**
+
+ List of ```test_expansion``` patterns expanding into selections which get skipped when generating the tests (aka. blacklisting/suppressing)
+
+* **referrer_policy_schema**
+
+ The schema to validate fields which define the ```referrer_policy``` elsewhere in the JSON.
+ A value for a referrer_policy can only be one specified in the referrer_policy_schema.
+
+* **test_expansion_schema**
+
+ The schema used to check if a ```test_expansion``` is valid.
+ Each test expansion can only contain fields defined by this schema.
+
+* **subresource_path**
+
+ A 1:1 mapping of a **subresource type** to the URL path of the sub-resource.
+ When adding a new sub-resource, a path to an existing file for it also must be specified.
+
+
+### Test Expansion Patterns
+
+Each field in a test expansion can be in one of the following formats:
+
+* Single match: ```"value"```
+
+* Match any of: ```["value1", "value2", ...]```
+
+* Match all: ```"*"```
+
+#### Example: test expansion in a requirement specification
+
+The following example shows how to restrict the expansion of ```referrer_url``` to ```origin``` and allow rest of the arrangement to expand (permute) to all possible values. The name field will be the prefix of a generated HTML file name for the test.
+
+```json
+ {
+ "name": "origin-only",
+ "title": "Referrer Policy is set to 'origin-only'",
+ "description": "Check that all sub-resources in all cases get only the origin portion of the referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec/specs/referrer-policy/#referrer-policy-state-origin",
+ "referrer_policy": "origin",
+ "test_expansion": [
+ {
+ "name": "generic",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": "*",
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ }
+ ]
+ }
+```
+
+**NOTE:** An expansion is always constructive (inclusive), there isn't a negation operator for explicit exclusion. Be aware that using an empty list ```[]``` matches (expands into) exactly nothing. Tests which are to be excluded should be defined in the ```excluded_tests``` section instead.
+
+A single test expansion pattern, be it a requirement or a suppressed pattern, gets expanded into a list of **selections** as follows:
+
+* Expand each field's pattern (single, any of, or all) to list of allowed values (defined by the ```test_expansion_schema```)
+
+* Permute - Recursively enumerate all **selections** accross all fields
+
+Be aware that if there is more than one pattern expanding into a same selection (which also shares the same ```name``` field), the pattern appearing later in the spec JSON will overwrite a previously generated selection. To make sure this is not undetected when generating, set the value of the ```expansion``` field to ```default``` for an expansion appearing earlier and ```override``` for the one appearing later.
+
+A **selection** is a single **test instance** (scenario) with explicit values, for example:
+
+```javascript
+var scenario = {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+};
+```
+
+Essentially, this is what gets generated and defines a single test. The scenario is then evaluated by the ```ReferrerPolicyTestCase``` in JS. For the rest of the arranging part, see the ```./generic/template/``` directory and examine ```./generic/tools/generate.py``` to see how the values for the templates are produced.
+
+
+Taking the spec JSON, the generator follows this algorithm:
+
+* Expand all ```excluded_tests``` to create a blacklist of selections
+
+* For each specification requirement: Expand the ```test_expansion``` pattern into selections and check each against the blacklist, if not marked as suppresed, generate the test resources for the selection
+
diff --git a/testing/web-platform/tests/referrer-policy/generic/common.js b/testing/web-platform/tests/referrer-policy/generic/common.js
new file mode 100644
index 000000000..492031859
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/common.js
@@ -0,0 +1,212 @@
+// NOTE: This method only strips the fragment and is not in accordance to the
+// recommended draft specification:
+// https://w3c.github.io/webappsec/specs/referrer-policy/#null
+// TODO(kristijanburnik): Implement this helper as defined by spec once added
+// scenarios for URLs containing username/password/etc.
+function stripUrlForUseAsReferrer(url) {
+ return url.replace(/#.*$/, "");
+}
+
+function parseUrlQueryString(queryString) {
+ var queries = queryString.replace(/^\?/, "").split("&");
+ var params = {};
+
+ for (var i in queries) {
+ var kvp = queries[i].split("=");
+ params[kvp[0]] = kvp[1];
+ }
+
+ return params;
+};
+
+function appendIframeToBody(url, attributes) {
+ var iframe = document.createElement("iframe");
+ iframe.src = url;
+ // Extend element with attributes. (E.g. "referrerPolicy" or "rel")
+ if (attributes) {
+ for (var attr in attributes) {
+ iframe[attr] = attributes[attr];
+ }
+ }
+ document.body.appendChild(iframe);
+
+ return iframe;
+}
+
+function loadImage(src, callback, attributes) {
+ var image = new Image();
+ image.crossOrigin = "Anonymous";
+ image.onload = function() {
+ callback(image);
+ }
+ image.src = src;
+ // Extend element with attributes. (E.g. "referrerPolicy" or "rel")
+ if (attributes) {
+ for (var attr in attributes) {
+ image[attr] = attributes[attr];
+ }
+ }
+ document.body.appendChild(image)
+}
+
+function decodeImageData(rgba) {
+ var rgb = new Uint8ClampedArray(rgba.length);
+
+ // RGBA -> RGB.
+ var rgb_length = 0;
+ for (var i = 0; i < rgba.length; ++i) {
+ // Skip alpha component.
+ if (i % 4 == 3)
+ continue;
+
+ // Zero is the string terminator.
+ if (rgba[i] == 0)
+ break;
+
+ rgb[rgb_length++] = rgba[i];
+ }
+
+ // Remove trailing nulls from data.
+ rgb = rgb.subarray(0, rgb_length);
+ var string_data = (new TextDecoder("ascii")).decode(rgb);
+
+ return JSON.parse(string_data);
+}
+
+function decodeImage(url, callback, referrer_policy) {
+ loadImage(url, function(img) {
+ var canvas = document.createElement("canvas");
+ var context = canvas.getContext('2d');
+ context.drawImage(img, 0, 0);
+ var imgData = context.getImageData(0, 0, img.clientWidth, img.clientHeight);
+ callback(decodeImageData(imgData.data))
+ }, referrer_policy);
+}
+
+function normalizePort(targetPort) {
+ var defaultPorts = [80, 443];
+ var isDefaultPortForProtocol = (defaultPorts.indexOf(targetPort) >= 0);
+
+ return (targetPort == "" || isDefaultPortForProtocol) ?
+ "" : ":" + targetPort;
+}
+
+function wrapResult(url, server_data) {
+ return {
+ location: url,
+ referrer: server_data.headers.referer,
+ headers: server_data.headers
+ }
+}
+
+function queryIframe(url, callback, referrer_policy) {
+ var iframe = appendIframeToBody(url, referrer_policy);
+ var listener = function(event) {
+ if (event.source != iframe.contentWindow)
+ return;
+
+ callback(event.data, url);
+ window.removeEventListener("message", listener);
+ }
+ window.addEventListener("message", listener);
+}
+
+function queryImage(url, callback, referrer_policy) {
+ decodeImage(url, function(server_data) {
+ callback(wrapResult(url, server_data), url);
+ }, referrer_policy)
+}
+
+function queryXhr(url, callback) {
+ var xhr = new XMLHttpRequest();
+ xhr.open('GET', url, true);
+ xhr.onreadystatechange = function(e) {
+ if (this.readyState == 4 && this.status == 200) {
+ var server_data = JSON.parse(this.responseText);
+ callback(wrapResult(url, server_data), url);
+ }
+ };
+ xhr.send();
+}
+
+function queryWorker(url, callback) {
+ var worker = new Worker(url);
+ worker.onmessage = function(event) {
+ var server_data = event.data;
+ callback(wrapResult(url, server_data), url);
+ };
+}
+
+function queryFetch(url, callback) {
+ fetch(url).then(function(response) {
+ response.json().then(function(server_data) {
+ callback(wrapResult(url, server_data), url);
+ });
+ }
+ );
+}
+
+function queryNavigable(element, url, callback, attributes) {
+ var navigable = element
+ navigable.href = url;
+ navigable.target = "helper-iframe";
+
+ var helperIframe = document.createElement("iframe")
+ helperIframe.name = "helper-iframe"
+ document.body.appendChild(helperIframe)
+
+ // Extend element with attributes. (E.g. "referrer_policy" or "rel")
+ if (attributes) {
+ for (var attr in attributes) {
+ navigable[attr] = attributes[attr];
+ }
+ }
+
+ var listener = function(event) {
+ if (event.source != helperIframe.contentWindow)
+ return;
+
+ callback(event.data, url);
+ window.removeEventListener("message", listener);
+ }
+ window.addEventListener("message", listener);
+
+ navigable.click();
+}
+
+function queryLink(url, callback, referrer_policy) {
+ var a = document.createElement("a");
+ a.innerHTML = "Link to subresource";
+ document.body.appendChild(a);
+ queryNavigable(a, url, callback, referrer_policy)
+}
+
+function queryAreaLink(url, callback, referrer_policy) {
+ var area = document.createElement("area");
+ // TODO(kristijanburnik): Append to map and add image.
+ document.body.appendChild(area);
+ queryNavigable(area, url, callback, referrer_policy)
+}
+
+function queryScript(url, callback) {
+ var script = document.createElement("script");
+ script.src = url;
+
+ var listener = function(event) {
+ var server_data = event.data;
+ callback(wrapResult(url, server_data), url);
+ window.removeEventListener("message", listener);
+ }
+ window.addEventListener("message", listener);
+
+ document.body.appendChild(script);
+}
+
+ // SanityChecker does nothing in release mode.
+function SanityChecker() {}
+SanityChecker.prototype.checkScenario = function() {};
+SanityChecker.prototype.checkSubresourceResult = function() {};
+
+// TODO(kristijanburnik): document.origin is supported since Chrome 41,
+// other browsers still don't support it. Remove once they do.
+document.origin = document.origin || (location.protocol + "//" + location.host);
diff --git a/testing/web-platform/tests/referrer-policy/generic/referrer-policy-test-case.js b/testing/web-platform/tests/referrer-policy/generic/referrer-policy-test-case.js
new file mode 100644
index 000000000..c4cf96fb0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/referrer-policy-test-case.js
@@ -0,0 +1,125 @@
+function ReferrerPolicyTestCase(scenario, testDescription, sanityChecker) {
+ // Pass and skip rest of the test if browser does not support fetch.
+ if (scenario.subresource == "fetch-request" && !window.fetch) {
+ // TODO(kristijanburnik): This should be refactored.
+ return {
+ start: function() {
+ test(function() { assert_true(true); },
+ "[ReferrerPolicyTestCase] Skipping test: Fetch is not supported.");
+ }
+ };
+ }
+
+ // This check is A NOOP in release.
+ sanityChecker.checkScenario(scenario);
+
+ var subresourceInvoker = {
+ "a-tag": queryLink,
+ "area-tag": queryAreaLink,
+ "fetch-request": queryFetch,
+ "iframe-tag": queryIframe,
+ "img-tag": queryImage,
+ "script-tag": queryScript,
+ "worker-request": queryWorker,
+ "xhr-request": queryXhr
+ };
+
+ var referrerUrlResolver = {
+ "omitted": function() {
+ return undefined;
+ },
+ "origin": function() {
+ return document.origin + "/";
+ },
+ "stripped-referrer": function() {
+ return stripUrlForUseAsReferrer(location.toString());
+ }
+ };
+
+ var t = {
+ _scenario: scenario,
+ _testDescription: testDescription,
+ _subresourceUrl: null,
+ _expectedReferrerUrl: null,
+ _constructSubresourceUrl: function() {
+ // TODO(kristijanburnik): We should assert that these two domains are
+ // different. E.g. If someone runs the tets over www, this would fail.
+ var domainForOrigin = {
+ "cross-origin":"{{domains[www1]}}",
+ "same-origin": location.hostname
+ };
+
+ // Values obtained and replaced by the wptserve pipeline:
+ // http://wptserve.readthedocs.org/en/latest/pipes.html#built-in-pipes
+ var portForProtocol = {
+ "http": parseInt("{{ports[http][0]}}"),
+ "https": parseInt("{{ports[https][0]}}")
+ }
+
+ var targetPort = portForProtocol[t._scenario.target_protocol];
+
+ t._subresourceUrl = t._scenario.target_protocol + "://" +
+ domainForOrigin[t._scenario.origin] +
+ normalizePort(targetPort) +
+ t._scenario["subresource_path"] +
+ "?redirection=" + t._scenario["redirection"] +
+ "&cache_destroyer=" + (new Date()).getTime();
+ },
+
+ _constructExpectedReferrerUrl: function() {
+ t._expectedReferrerUrl = referrerUrlResolver[t._scenario.referrer_url]();
+ },
+
+ _invokeSubresource: function(callback) {
+ var invoker = subresourceInvoker[t._scenario.subresource];
+
+ // Depending on the delivery method, extend the subresource element with
+ // these attributes.
+ var elementAttributesForDeliveryMethod = {
+ "attr-referrer": {referrerPolicy: t._scenario.referrer_policy},
+ "rel-noreferrer": {rel: "noreferrer"}
+ };
+
+ var delivery_method = t._scenario.delivery_method;
+
+ if (delivery_method in elementAttributesForDeliveryMethod) {
+ invoker(t._subresourceUrl,
+ callback,
+ elementAttributesForDeliveryMethod[delivery_method]);
+ } else {
+ invoker(t._subresourceUrl, callback);
+ }
+
+ },
+
+ start: function() {
+ t._constructSubresourceUrl();
+ t._constructExpectedReferrerUrl();
+
+ var test = async_test(t._testDescription);
+
+ t._invokeSubresource(function(result) {
+ // Check if the result is in valid format. NOOP in release.
+ sanityChecker.checkSubresourceResult(
+ test, t._scenario, t._subresourceUrl, result);
+
+ // Check the reported URL.
+ test.step(function() {
+ assert_equals(result.referrer,
+ t._expectedReferrerUrl,
+ "Reported Referrer URL is '" +
+ t._scenario.referrer_url + "'.");
+ assert_equals(result.headers.referer,
+ t._expectedReferrerUrl,
+ "Reported Referrer URL from HTTP header is '" +
+ t._expectedReferrerUrl + "'");
+ }, "Reported Referrer URL is as expected: " + t._scenario.referrer_url);
+
+ test.done();
+ })
+
+ }
+ }
+
+ return t;
+}
diff --git a/testing/web-platform/tests/referrer-policy/generic/sanity-checker.js b/testing/web-platform/tests/referrer-policy/generic/sanity-checker.js
new file mode 100644
index 000000000..e0714885f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/sanity-checker.js
@@ -0,0 +1,52 @@
+// The SanityChecker is used in debug mode to identify problems with the
+// structure of the testsuite. In release mode it is mocked out to do nothing.
+
+function SanityChecker() {}
+
+SanityChecker.prototype.checkScenario = function(scenario) {
+ // Check if scenario is valid.
+ // TODO(kristijanburnik): Move to a sanity-checks.js for debug mode only.
+ test(function() {
+
+ // We extend the exsiting test_expansion_schema not to kill performance by
+ // copying.
+ var expectedFields = SPEC_JSON["test_expansion_schema"];
+ expectedFields["referrer_policy"] = SPEC_JSON["referrer_policy_schema"];
+
+ assert_own_property(scenario, "subresource_path",
+ "Scenario has the path to the subresource.");
+
+ for (var field in expectedFields) {
+ assert_own_property(scenario, field,
+ "The scenario contains field " + field)
+ assert_in_array(scenario[field], expectedFields[field],
+ "Scenario's " + field + " is one of: " +
+ expectedFields[field].join(", ")) + "."
+ }
+
+ // Check if the protocol is matched.
+ assert_equals(scenario["source_protocol"] + ":", location.protocol,
+ "Protocol of the test page should match the scenario.")
+
+ }, "[ReferrerPolicyTestCase] The test scenario is valid.");
+}
+
+SanityChecker.prototype.checkSubresourceResult = function(test,
+ scenario,
+ subresourceUrl,
+ result) {
+ test.step(function() {
+ assert_equals(Object.keys(result).length, 3);
+ assert_own_property(result, "location");
+ assert_own_property(result, "referrer");
+ assert_own_property(result, "headers");
+
+ // Skip location check for scripts.
+ if (scenario.subresource == "script-tag")
+ return;
+
+ // Sanity check: location of sub-resource matches reported location.
+ assert_equals(result.location, subresourceUrl,
+ "Subresource reported location.");
+ }, "Running a valid test scenario.");
+};
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource-test/area-navigate.html b/testing/web-platform/tests/referrer-policy/generic/subresource-test/area-navigate.html
new file mode 100644
index 000000000..bca7e479f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource-test/area-navigate.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- TODO(kristijanburnik): Remove subres. duplication. Reuse a template. -->
+<html>
+ <head>
+ <title>Area Link messaging - cross-origin Area Link navigation</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for referrer-policy tests. -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ </head>
+ <body>
+ <h1>Area Link messaging - cross-origin Area Link navigation</h1>
+ <p>If you can read JSON encoded HTTP request headers of the Area link below,
+ the messaging works as expected.</p>
+
+ <pre id="received_message">Running...</pre>
+
+ <script>
+ var messaging_test = async_test("Area is responding with HTTP headers");
+ var urlPath = '/referrer-policy/generic/subresource/document.py';
+ var url = location.protocol + "//www1." + location.hostname + ":" + location.port +
+ urlPath;
+ queryAreaLink(url, function(message) {
+ var pre = document.getElementById('received_message')
+ var headers = message.headers;
+ pre.innerHTML = "";
+ pre.innerHTML += url + ":\n\n";
+ pre.innerHTML += JSON.stringify(headers, null, 2) + "\n\n"
+ messaging_test.step(function() {
+ assert_own_property(headers, "host")
+ assert_own_property(headers, "connection")
+ });
+ messaging_test.done();
+ });
+ </script>
+
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource-test/attr-referrer-invalid-value.html b/testing/web-platform/tests/referrer-policy/generic/subresource-test/attr-referrer-invalid-value.html
new file mode 100644
index 000000000..9bc74f54a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource-test/attr-referrer-invalid-value.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>Invalid referrerPolicy attribute value</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ </head>
+ <body>
+ <h1>Invalid referrerPolicy attribute value</h1>
+ <pre>Running...</pre>
+
+ <script>
+ test(function () {
+ var elements = ["iframe", "img", "a", "area", "link"];
+ for (var i = 0; i < elements.length; i++) {
+ var elem = document.createElement(elements[i]);
+ elem.referrerPolicy = "unsafe-url";
+ assert_equals(elem.referrerPolicy, "unsafe-url");
+ elem.referrerPolicy = "not-valid-value";
+ assert_equals(elem.referrerPolicy, "");
+ }
+ }, "Invalid referrerpolicy values not reflected");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource-test/fetch-messaging.html b/testing/web-platform/tests/referrer-policy/generic/subresource-test/fetch-messaging.html
new file mode 100644
index 000000000..046b29e9a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource-test/fetch-messaging.html
@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+<!-- TODO(kristijanburnik): Remove subres. duplication. Reuse a template. -->
+<html>
+ <head>
+ <title>Fetch messaging - same-origin Fetch request</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for referrer-policy tests. -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ </head>
+ <body>
+ <h1>Fetch messaging - same-origin Fetch request</h1>
+ <p>If you can read JSON encoded HTTP request headers of the Fetch below,
+ the messaging works as expected.</p>
+
+ <pre id="received_message">Running...</pre>
+
+ <script>
+ test(function() {
+ assert_true(!!window.fetch, "Fetch is not supported by this browser.");
+ }, "Fetch is supported by the browser.");
+
+ (function() {
+ if (!window.fetch)
+ return;
+
+ var fetch_test = async_test("Fetch is responding with HTTP headers");
+ var urlPath = '/referrer-policy/generic/subresource/xhr.py';
+ var url = location.protocol + "//" + location.hostname + ":" +
+ location.port + urlPath;
+ queryFetch(url, function(message) {
+ var pre = document.getElementById('received_message')
+ var headers = message.headers;
+ pre.innerHTML = "";
+ pre.innerHTML += url + ":\n\n";
+ pre.innerHTML += JSON.stringify(headers, null, 2) + "\n\n";
+ fetch_test.step(function() {
+ assert_own_property(headers, "host")
+ assert_own_property(headers, "connection")
+ });
+ fetch_test.done();
+ });
+ })();
+ </script>
+
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource-test/iframe-messaging.html b/testing/web-platform/tests/referrer-policy/generic/subresource-test/iframe-messaging.html
new file mode 100644
index 000000000..a3e55707c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource-test/iframe-messaging.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- TODO(kristijanburnik): Remove subres. duplication. Reuse a template. -->
+<html>
+ <head>
+ <title>Iframe messaging - cross-origin iframe request</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for referrer-policy tests. -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ </head>
+ <body>
+ <h1>Iframe messaging - cross-origin iframe request</h1>
+ <p>If you can read JSON encoded HTTP request headers of the iframe below,
+ the messaging works as expected.</p>
+
+ <pre id="received_message">Running...</pre>
+
+ <script>
+ var messaging_test = async_test("Iframe is responding with HTTP headers");
+ var urlPath = '/referrer-policy/generic/subresource/document.py';
+ var url = location.protocol + "//www1." + location.hostname + ":" + location.port +
+ urlPath;
+ queryIframe(url, function(message) {
+ var pre = document.getElementById('received_message')
+ var headers = message.headers;
+ pre.innerHTML = "";
+ pre.innerHTML += url + ":\n\n";
+ pre.innerHTML += JSON.stringify(headers, null, 2) + "\n\n"
+ messaging_test.step(function() {
+ assert_own_property(headers, "host")
+ assert_own_property(headers, "connection")
+ });
+ messaging_test.done();
+ });
+ </script>
+
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource-test/image-decoding.html b/testing/web-platform/tests/referrer-policy/generic/subresource-test/image-decoding.html
new file mode 100644
index 000000000..083fb829a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource-test/image-decoding.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- TODO(kristijanburnik): Remove subres. duplication. Reuse a template. -->
+<html>
+ <head>
+ <title>Image decoding - cross-origin image request</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for referrer-policy tests. -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ </head>
+ <body>
+ <h1>Image decoding - cross-origin image request</h1>
+ <p>If you can read JSON encoded HTTP headers of the image below,
+ the decoding works as expected.</p>
+
+ <pre id="received_message">Running...</pre>
+
+ <script>
+ var messaging_test = async_test("Image is encoding headers as JSON.");
+ var urlPath = '/referrer-policy/generic/subresource/image.py';
+ var url = location.protocol + "//www1." + location.hostname + ":" + location.port +
+ urlPath;
+ queryImage(url, function(message) {
+ var pre = document.getElementById('received_message')
+ var headers = message.headers;
+ pre.innerHTML = "";
+ pre.innerHTML += url + ":\n\n";
+ pre.innerHTML += JSON.stringify(headers, null, 2) + "\n\n"
+ messaging_test.step(function() {
+ assert_own_property(headers, "host")
+ assert_own_property(headers, "connection")
+ });
+ messaging_test.done();
+ });
+ </script>
+
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource-test/link-navigate.html b/testing/web-platform/tests/referrer-policy/generic/subresource-test/link-navigate.html
new file mode 100644
index 000000000..45e502004
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource-test/link-navigate.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- TODO(kristijanburnik): Remove subres. duplication. Reuse a template. -->
+<html>
+ <head>
+ <title>Link messaging - cross-origin Link navigation</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for referrer-policy tests. -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ </head>
+ <body>
+ <h1>Link messaging - cross-origin Link navigation</h1>
+ <p>If you can read JSON encoded HTTP request headers of the Link below,
+ the messaging works as expected.</p>
+
+ <pre id="received_message">Running...</pre>
+
+ <script>
+ var messaging_test = async_test("Link is responding with HTTP headers");
+ var urlPath = '/referrer-policy/generic/subresource/document.py';
+ var url = location.protocol + "//www1." + location.hostname + ":" + location.port +
+ urlPath;
+ queryLink(url, function(message) {
+ var pre = document.getElementById('received_message')
+ var headers = message.headers;
+ pre.innerHTML = "";
+ pre.innerHTML += url + ":\n\n";
+ pre.innerHTML += JSON.stringify(headers, null, 2) + "\n\n"
+ messaging_test.step(function() {
+ assert_own_property(headers, "host")
+ assert_own_property(headers, "connection")
+ });
+ messaging_test.done();
+ });
+ </script>
+
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource-test/script-messaging.html b/testing/web-platform/tests/referrer-policy/generic/subresource-test/script-messaging.html
new file mode 100644
index 000000000..09c5db619
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource-test/script-messaging.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- TODO(kristijanburnik): Remove subres. duplication. Reuse a template. -->
+<html>
+ <head>
+ <title>Script messaging - cross-origin Script request</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for referrer-policy tests. -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ </head>
+ <body>
+ <h1>Script messaging - cross-origin Script request</h1>
+ <p>If you can read JSON encoded HTTP request headers of the Script below,
+ the messaging works as expected.</p>
+
+ <pre id="received_message">Running...</pre>
+
+ <script>
+ var messaging_test = async_test("Script is responding with HTTP headers");
+ var urlPath = '/referrer-policy/generic/subresource/script.py';
+ var url = location.protocol + "//www1." + location.hostname + ":" + location.port +
+ urlPath;
+ queryScript(url, function(message) {
+ var pre = document.getElementById('received_message')
+ var headers = message.headers;
+ pre.innerHTML = "";
+ pre.innerHTML += url + ":\n\n";
+ pre.innerHTML += JSON.stringify(headers, null, 2) + "\n\n"
+ messaging_test.step(function() {
+ assert_own_property(headers, "host")
+ assert_own_property(headers, "connection")
+ });
+ messaging_test.done();
+ });
+ </script>
+
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource-test/worker-messaging.html b/testing/web-platform/tests/referrer-policy/generic/subresource-test/worker-messaging.html
new file mode 100644
index 000000000..6d34366b9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource-test/worker-messaging.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- TODO(kristijanburnik): Remove subres. duplication. Reuse a template. -->
+<html>
+ <head>
+ <title>Worker messaging - same-origin Worker request</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for referrer-policy tests. -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ </head>
+ <body>
+ <h1>Worker messaging - same-origin Worker request</h1>
+ <p>If you can read JSON encoded HTTP request headers of the Worker below,
+ the messaging works as expected.</p>
+
+ <pre id="received_message">Running...</pre>
+
+ <script>
+ var messaging_test = async_test("Worker is responding with HTTP headers");
+ var urlPath = '/referrer-policy/generic/subresource/worker.py';
+ var url = location.protocol + "//" + location.hostname + ":" +
+ location.port + urlPath;
+ queryWorker(url, function(message) {
+ var pre = document.getElementById('received_message')
+ var headers = message.headers;
+ pre.innerHTML = "";
+ pre.innerHTML += url + ":\n\n";
+ pre.innerHTML += JSON.stringify(headers, null, 2) + "\n\n"
+ messaging_test.step(function() {
+ assert_own_property(headers, "host")
+ assert_own_property(headers, "connection")
+ });
+ messaging_test.done();
+ });
+ </script>
+
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource-test/xhr-messaging.html b/testing/web-platform/tests/referrer-policy/generic/subresource-test/xhr-messaging.html
new file mode 100644
index 000000000..09f691400
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource-test/xhr-messaging.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- TODO(kristijanburnik): Remove subres. duplication. Reuse a template. -->
+<html>
+ <head>
+ <title>XHR messaging - cross-origin XHR request</title>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for referrer-policy tests. -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ </head>
+ <body>
+ <h1>XHR messaging - cross-origin XHR request</h1>
+ <p>If you can read JSON encoded HTTP request headers of the XHR below,
+ the messaging works as expected.</p>
+
+ <pre id="received_message">Running...</pre>
+
+ <script>
+ var messaging_test = async_test("XHR is responding with HTTP headers");
+ var urlPath = '/referrer-policy/generic/subresource/xhr.py';
+ var url = location.protocol + "//www1." + location.hostname + ":" + location.port +
+ urlPath;
+ queryXhr(url, function(message) {
+ var pre = document.getElementById('received_message')
+ var headers = message.headers;
+ pre.innerHTML = "";
+ pre.innerHTML += url + ":\n\n";
+ pre.innerHTML += JSON.stringify(headers, null, 2) + "\n\n"
+ messaging_test.step(function() {
+ assert_own_property(headers, "host")
+ assert_own_property(headers, "connection")
+ });
+ messaging_test.done();
+ });
+ </script>
+
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource/__init__.py b/testing/web-platform/tests/referrer-policy/generic/subresource/__init__.py
new file mode 100755
index 000000000..e69de29bb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource/__init__.py
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource/document.py b/testing/web-platform/tests/referrer-policy/generic/subresource/document.py
new file mode 100644
index 000000000..b2d6c4dfa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource/document.py
@@ -0,0 +1,12 @@
+import os, json, sys
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+
+import subresource
+
+def generate_payload(server_data):
+ return subresource.get_template("document.html.template") % server_data
+
+def main(request, response):
+ subresource.respond(request,
+ response,
+ payload_generator = generate_payload)
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource/image.py b/testing/web-platform/tests/referrer-policy/generic/subresource/image.py
new file mode 100644
index 000000000..b6306181e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource/image.py
@@ -0,0 +1,100 @@
+import os, sys, array, json, math, StringIO
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+import subresource
+
+class Image:
+ """This class partially implements the interface of the PIL.Image.Image.
+ One day in the future WPT might support the PIL module or another imaging
+ library, so this hacky BMP implementation will no longer be required.
+ """
+ def __init__(self, width, height):
+ self.width = width
+ self.height = height
+ self.img = bytearray([0 for i in range(3 * width * height)])
+
+ @staticmethod
+ def new(mode, size, color=0):
+ return Image(size[0], size[1])
+
+ def _int_to_bytes(self, number):
+ packed_bytes = [0, 0, 0, 0]
+ for i in range(4):
+ packed_bytes[i] = number & 0xFF
+ number >>= 8
+
+ return packed_bytes
+
+ def putdata(self, color_data):
+ for y in range(self.height):
+ for x in range(self.width):
+ i = x + y * self.width
+ if i > len(color_data) - 1:
+ return
+
+ self.img[i * 3: i * 3 + 3] = color_data[i][::-1]
+
+ def save(self, f, type):
+ assert type == "BMP"
+ # 54 bytes of preambule + image color data.
+ filesize = 54 + 3 * self.width * self.height;
+ # 14 bytes of header.
+ bmpfileheader = bytearray(['B', 'M'] + self._int_to_bytes(filesize) +
+ [0, 0, 0, 0, 54, 0, 0, 0])
+ # 40 bytes of info.
+ bmpinfoheader = bytearray([40, 0, 0, 0] +
+ self._int_to_bytes(self.width) +
+ self._int_to_bytes(self.height) +
+ [1, 0, 24] + (25 * [0]))
+
+ padlength = (4 - (self.width * 3) % 4) % 4
+ bmppad = bytearray([0, 0, 0]);
+ padding = bmppad[0 : padlength]
+
+ f.write(bmpfileheader)
+ f.write(bmpinfoheader)
+
+ for i in range(self.height):
+ offset = self.width * (self.height - i - 1) * 3
+ f.write(self.img[offset : offset + 3 * self.width])
+ f.write(padding)
+
+def encode_string_as_bmp_image(string_data):
+ data_bytes = array.array("B", string_data)
+ num_bytes = len(data_bytes)
+
+ # Convert data bytes to color data (RGB).
+ color_data = []
+ num_components = 3
+ rgb = [0] * num_components
+ i = 0
+ for byte in data_bytes:
+ component_index = i % num_components
+ rgb[component_index] = byte
+ if component_index == (num_components - 1) or i == (num_bytes - 1):
+ color_data.append(tuple(rgb))
+ rgb = [0] * num_components
+ i += 1
+
+ # Render image.
+ num_pixels = len(color_data)
+ sqrt = int(math.ceil(math.sqrt(num_pixels)))
+ img = Image.new("RGB", (sqrt, sqrt), "black")
+ img.putdata(color_data)
+
+ # Flush image to string.
+ f = StringIO.StringIO()
+ img.save(f, "BMP")
+ f.seek(0)
+
+ return f.read()
+
+def generate_payload(server_data):
+ data = ('{"headers": %(headers)s}') % server_data
+ return encode_string_as_bmp_image(data)
+
+def main(request, response):
+ subresource.respond(request,
+ response,
+ payload_generator = generate_payload,
+ content_type = "image/bmp",
+ access_control_allow_origin = "*")
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource/script.py b/testing/web-platform/tests/referrer-policy/generic/subresource/script.py
new file mode 100644
index 000000000..efa1a955d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource/script.py
@@ -0,0 +1,13 @@
+import os, sys, json
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+import subresource
+
+def generate_payload(server_data):
+ return subresource.get_template("script.js.template") % server_data
+
+def main(request, response):
+ subresource.respond(request,
+ response,
+ payload_generator = generate_payload,
+ content_type = "application/javascript")
+
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource/subresource.py b/testing/web-platform/tests/referrer-policy/generic/subresource/subresource.py
new file mode 100644
index 000000000..7571b32d0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource/subresource.py
@@ -0,0 +1,94 @@
+import os, sys, json, urlparse, urllib
+
+def get_template(template_basename):
+ script_directory = os.path.dirname(os.path.abspath(__file__))
+ template_directory = os.path.abspath(os.path.join(script_directory,
+ "..",
+ "template"))
+ template_filename = os.path.join(template_directory, template_basename);
+
+ with open(template_filename, "r") as f:
+ return f.read()
+
+# TODO(kristijanburnik): subdomain_prefix is a hardcoded value aligned with
+# referrer-policy-test-case.js. The prefix should be configured in one place.
+def get_swapped_origin_netloc(netloc, subdomain_prefix = "www1."):
+ if netloc.startswith(subdomain_prefix):
+ return netloc[len(subdomain_prefix):]
+ else:
+ return subdomain_prefix + netloc
+
+def create_redirect_url(request, cross_origin = False):
+ parsed = urlparse.urlsplit(request.url)
+ destination_netloc = parsed.netloc
+ if cross_origin:
+ destination_netloc = get_swapped_origin_netloc(parsed.netloc)
+
+ destination_url = urlparse.urlunsplit(urlparse.SplitResult(
+ scheme = parsed.scheme,
+ netloc = destination_netloc,
+ path = parsed.path,
+ query = None,
+ fragment = None))
+
+ return destination_url
+
+
+def redirect(url, response):
+ response.add_required_headers = False
+ response.writer.write_status(301)
+ response.writer.write_header("access-control-allow-origin", "*")
+ response.writer.write_header("location", url)
+ response.writer.end_headers()
+ response.writer.write("")
+
+
+def preprocess_redirection(request, response):
+ if "redirection" not in request.GET:
+ return False
+
+ redirection = request.GET["redirection"]
+
+ if redirection == "no-redirect":
+ return False
+ elif redirection == "keep-origin-redirect":
+ redirect_url = create_redirect_url(request, cross_origin = False)
+ elif redirection == "swap-origin-redirect":
+ redirect_url = create_redirect_url(request, cross_origin = True)
+ else:
+ raise ValueError("Invalid redirection type '%s'" % redirection)
+
+ redirect(redirect_url, response)
+ return True
+
+
+def __noop(request, response):
+ return ""
+
+
+def respond(request,
+ response,
+ status_code = 200,
+ content_type = "text/html",
+ payload_generator = __noop,
+ cache_control = "no-cache; must-revalidate",
+ access_control_allow_origin = "*"):
+ if preprocess_redirection(request, response):
+ return
+
+ response.add_required_headers = False
+ response.writer.write_status(status_code)
+
+ if access_control_allow_origin != None:
+ response.writer.write_header("access-control-allow-origin",
+ access_control_allow_origin)
+ response.writer.write_header("content-type", content_type)
+ response.writer.write_header("cache-control", cache_control)
+ response.writer.end_headers()
+
+ server_data = {"headers": json.dumps(request.headers, indent = 4)}
+
+ payload = payload_generator(server_data)
+ response.writer.write(payload)
+
+
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource/worker.py b/testing/web-platform/tests/referrer-policy/generic/subresource/worker.py
new file mode 100644
index 000000000..895bc0d84
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource/worker.py
@@ -0,0 +1,12 @@
+import os, sys, json
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+import subresource
+
+def generate_payload(server_data):
+ return subresource.get_template("worker.js.template") % server_data
+
+def main(request, response):
+ subresource.respond(request,
+ response,
+ payload_generator = generate_payload,
+ content_type = "application/javascript")
diff --git a/testing/web-platform/tests/referrer-policy/generic/subresource/xhr.py b/testing/web-platform/tests/referrer-policy/generic/subresource/xhr.py
new file mode 100755
index 000000000..45f38159c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/subresource/xhr.py
@@ -0,0 +1,15 @@
+import os, sys, json
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+import subresource
+
+def generate_payload(server_data):
+ data = ('{"headers": %(headers)s}') % server_data
+ return data
+
+def main(request, response):
+ subresource.respond(request,
+ response,
+ payload_generator = generate_payload,
+ access_control_allow_origin = "*",
+ content_type = "application/json")
+
diff --git a/testing/web-platform/tests/referrer-policy/generic/template/disclaimer.template b/testing/web-platform/tests/referrer-policy/generic/template/disclaimer.template
new file mode 100644
index 000000000..66c43ed6f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/template/disclaimer.template
@@ -0,0 +1 @@
+<!-- DO NOT EDIT! Generated by %(generating_script_filename)s using %(html_template_filename)s. -->
diff --git a/testing/web-platform/tests/referrer-policy/generic/template/document.html.template b/testing/web-platform/tests/referrer-policy/generic/template/document.html.template
new file mode 100644
index 000000000..141711c14
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/template/document.html.template
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>This page reports back it's request details to the parent frame</title>
+ </head>
+ <body>
+ <script>
+ var result = {
+ location: document.location.toString(),
+ referrer: document.referrer.length > 0 ? document.referrer : undefined,
+ headers: %(headers)s
+ };
+ parent.postMessage(result, "*");
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/template/script.js.template b/testing/web-platform/tests/referrer-policy/generic/template/script.js.template
new file mode 100644
index 000000000..e2edf2181
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/template/script.js.template
@@ -0,0 +1,3 @@
+postMessage({
+ "headers": %(headers)s
+}, "*");
diff --git a/testing/web-platform/tests/referrer-policy/generic/template/spec_json.js.template b/testing/web-platform/tests/referrer-policy/generic/template/spec_json.js.template
new file mode 100644
index 000000000..e4cbd0342
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/template/spec_json.js.template
@@ -0,0 +1 @@
+var SPEC_JSON = %(spec_json)s;
diff --git a/testing/web-platform/tests/referrer-policy/generic/template/test.debug.html.template b/testing/web-platform/tests/referrer-policy/generic/template/test.debug.html.template
new file mode 100644
index 000000000..0faf63bdd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/template/test.debug.html.template
@@ -0,0 +1,70 @@
+<!DOCTYPE html>
+%(generated_disclaimer)s
+<html>
+ <head>
+ <title>Referrer-Policy: %(spec_title)s</title>%(meta_delivery_method)s
+ <meta name="description" content="%(spec_description)s">
+ <meta name="assert" content="%(test_description)s">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for referrer-policy tests. -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <!-- The original specification JSON for validating the scenario. -->
+ <script src="/referrer-policy/spec_json.js"></script>
+ <!-- Internal checking of the tests -->
+ <script src="/referrer-policy/generic/sanity-checker.js"></script>
+ <!-- Simple wrapper API for all referrer-policy test cases. -->
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <h1>%(spec_title)s</h1>
+ <h2>%(spec_description)s</h2>
+
+ <p>
+ <script>
+ // Show the detailed assertion description of the test.
+ document.write(document.querySelector("meta[name=assert]").content);
+ </script>
+ </p>
+
+ <p>See <a href="%(spec_specification_url)s" target="_blank">specification</a>
+ details for this test.</p>
+
+ <h3>Scenario outline</h3>
+ <table>
+ <tbody>
+ <tr>
+ <th>Delivery method</th>
+ <td>%(delivery_method)s</td>
+ </tr>
+ <tr>
+ <th>Redirection</th>
+ <td>%(redirection)s</td>
+ </tr>
+ <tr>
+ <th>Origin transition</th>
+ <td>%(origin)s</td>
+ </tr>
+ <tr>
+ <th>Protocol transition</th>
+ <td>from %(source_protocol)s to %(target_protocol)s</td>
+ </tr>
+ <tr>
+ <th>Subresource type</th>
+ <td>%(subresource)s</td>
+ </tr>
+ <tr>
+ <td colspan="2"><hr></td>
+ </tr>
+ <tr>
+ <th>Expected result</th>
+ <td>Referrer URL should be <strong>%(referrer_url)s</strong></td>
+ </tr>
+ <tbody>
+ </table>
+
+ <script>%(test_js)s</script>
+
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/template/test.js.template b/testing/web-platform/tests/referrer-policy/generic/template/test.js.template
new file mode 100644
index 000000000..4b01d4d11
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/template/test.js.template
@@ -0,0 +1,15 @@
+ReferrerPolicyTestCase(
+ {
+ "referrer_policy": %(referrer_policy_json)s,
+ "delivery_method": "%(delivery_method)s",
+ "redirection": "%(redirection)s",
+ "origin": "%(origin)s",
+ "source_protocol": "%(source_protocol)s",
+ "target_protocol": "%(target_protocol)s",
+ "subresource": "%(subresource)s",
+ "subresource_path": "%(subresource_path)s",
+ "referrer_url": "%(referrer_url)s"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+).start();
diff --git a/testing/web-platform/tests/referrer-policy/generic/template/test.release.html.template b/testing/web-platform/tests/referrer-policy/generic/template/test.release.html.template
new file mode 100644
index 000000000..0d63fd68a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/template/test.release.html.template
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+%(generated_disclaimer)s
+<html>
+ <head>
+ <title>Referrer-Policy: %(spec_title)s</title>
+ <meta name="description" content="%(spec_description)s">%(meta_delivery_method)s
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="%(spec_specification_url)s">
+ <meta name="assert" content="%(test_description)s">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>%(test_js)s</script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/generic/template/test_description.template b/testing/web-platform/tests/referrer-policy/generic/template/test_description.template
new file mode 100644
index 000000000..fbc80bb25
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/template/test_description.template
@@ -0,0 +1,5 @@
+The referrer URL is %(referrer_url)s when a
+document served over %(source_protocol)s requires an %(target_protocol)s
+sub-resource via %(subresource)s using the %(delivery_method)s
+delivery method with %(redirection)s and when
+the target request is %(origin)s.
diff --git a/testing/web-platform/tests/referrer-policy/generic/template/worker.js.template b/testing/web-platform/tests/referrer-policy/generic/template/worker.js.template
new file mode 100644
index 000000000..817dd8c87
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/template/worker.js.template
@@ -0,0 +1,3 @@
+postMessage({
+ "headers": %(headers)s
+});
diff --git a/testing/web-platform/tests/referrer-policy/generic/tools/__init__.py b/testing/web-platform/tests/referrer-policy/generic/tools/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/tools/__init__.py
diff --git a/testing/web-platform/tests/referrer-policy/generic/tools/clean.py b/testing/web-platform/tests/referrer-policy/generic/tools/clean.py
new file mode 100755
index 000000000..715e1d6ae
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/tools/clean.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+
+import os, json
+from common_paths import *
+import spec_validator
+
+def rmtree(top):
+ top = os.path.abspath(top)
+ assert top != os.path.expanduser("~")
+ assert len(top) > len(os.path.expanduser("~"))
+ assert "web-platform-tests" in top
+ assert "referrer-policy" in top
+
+ for root, dirs, files in os.walk(top, topdown=False):
+ for name in files:
+ os.remove(os.path.join(root, name))
+ for name in dirs:
+ os.rmdir(os.path.join(root, name))
+
+ os.rmdir(top)
+
+def main():
+ spec_json = load_spec_json();
+ spec_validator.assert_valid_spec_json(spec_json)
+
+ for spec in spec_json['specification']:
+ generated_dir = os.path.join(spec_directory, spec["name"])
+ if (os.path.isdir(generated_dir)):
+ rmtree(generated_dir)
+
+ if (os.path.isfile(generated_spec_json_filename)):
+ os.remove(generated_spec_json_filename)
+
+if __name__ == '__main__':
+ main()
diff --git a/testing/web-platform/tests/referrer-policy/generic/tools/common_paths.py b/testing/web-platform/tests/referrer-policy/generic/tools/common_paths.py
new file mode 100644
index 000000000..dc303f3c1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/tools/common_paths.py
@@ -0,0 +1,52 @@
+import os, sys, json, re
+
+script_directory = os.path.dirname(os.path.abspath(__file__))
+generic_directory = os.path.abspath(os.path.join(script_directory, '..'))
+
+template_directory = os.path.abspath(os.path.join(script_directory,
+ '..',
+ 'template'))
+spec_directory = os.path.abspath(os.path.join(script_directory, '..', '..'))
+test_root_directory = os.path.abspath(os.path.join(script_directory,
+ '..', '..', '..'))
+
+spec_filename = os.path.join(spec_directory, "spec.src.json")
+generated_spec_json_filename = os.path.join(spec_directory, "spec_json.js")
+
+selection_pattern = '%(delivery_method)s/' + \
+ '%(origin)s/' + \
+ '%(source_protocol)s-%(target_protocol)s/' + \
+ '%(subresource)s/'
+
+test_file_path_pattern = '%(spec_name)s/' + selection_pattern + \
+ '%(name)s.%(redirection)s.%(source_protocol)s.html'
+
+
+def get_template(basename):
+ with open(os.path.join(template_directory, basename), "r") as f:
+ return f.read()
+
+
+def read_nth_line(fp, line_number):
+ fp.seek(0)
+ for i, line in enumerate(fp):
+ if (i + 1) == line_number:
+ return line
+
+
+def load_spec_json():
+ re_error_location = re.compile('line ([0-9]+) column ([0-9]+)')
+ with open(spec_filename, "r") as f:
+ try:
+ spec_json = json.load(f)
+ except ValueError, ex:
+ print ex.message
+ match = re_error_location.search(ex.message)
+ if match:
+ line_number, column = int(match.group(1)), int(match.group(2))
+ print read_nth_line(f, line_number).rstrip()
+ print " " * (column - 1) + "^"
+
+ sys.exit(1)
+
+ return spec_json
diff --git a/testing/web-platform/tests/referrer-policy/generic/tools/generate.py b/testing/web-platform/tests/referrer-policy/generic/tools/generate.py
new file mode 100755
index 000000000..10fc11c4f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/tools/generate.py
@@ -0,0 +1,172 @@
+#!/usr/bin/env python
+
+import os, sys, json
+from common_paths import *
+import spec_validator
+import argparse
+
+
+def expand_test_expansion_pattern(spec_test_expansion, test_expansion_schema):
+ expansion = {}
+ for artifact in spec_test_expansion:
+ artifact_value = spec_test_expansion[artifact]
+ if artifact_value == '*':
+ expansion[artifact] = test_expansion_schema[artifact]
+ elif isinstance(artifact_value, list):
+ expansion[artifact] = artifact_value
+ else:
+ expansion[artifact] = [artifact_value]
+
+ return expansion
+
+
+def permute_expansion(expansion, selection = {}, artifact_index = 0):
+ artifact_order = ['delivery_method', 'redirection', 'origin',
+ 'source_protocol', 'target_protocol', 'subresource',
+ 'referrer_url', 'name']
+
+ if artifact_index >= len(artifact_order):
+ yield selection
+ return
+
+ artifact_key = artifact_order[artifact_index]
+
+ for artifact_value in expansion[artifact_key]:
+ selection[artifact_key] = artifact_value
+ for next_selection in permute_expansion(expansion,
+ selection,
+ artifact_index + 1):
+ yield next_selection
+
+
+def generate_selection(selection, spec, subresource_path,
+ test_html_template_basename):
+ selection['spec_name'] = spec['name']
+ selection['spec_title'] = spec['title']
+ selection['spec_description'] = spec['description']
+ selection['spec_specification_url'] = spec['specification_url']
+ selection['subresource_path'] = subresource_path
+ # Oddball: it can be None, so in JS it's null.
+ selection['referrer_policy_json'] = json.dumps(spec['referrer_policy'])
+
+ test_filename = test_file_path_pattern % selection
+ test_directory = os.path.dirname(test_filename)
+ full_path = os.path.join(spec_directory, test_directory)
+
+ test_html_template = get_template(test_html_template_basename)
+ test_js_template = get_template("test.js.template")
+ disclaimer_template = get_template('disclaimer.template')
+ test_description_template = get_template("test_description.template")
+
+ html_template_filename = os.path.join(template_directory,
+ test_html_template_basename)
+ generated_disclaimer = disclaimer_template \
+ % {'generating_script_filename': os.path.relpath(__file__,
+ test_root_directory),
+ 'html_template_filename': os.path.relpath(html_template_filename,
+ test_root_directory)}
+
+ # Adjust the template for the test invoking JS. Indent it to look nice.
+ selection['generated_disclaimer'] = generated_disclaimer.rstrip()
+ test_description_template = \
+ test_description_template.rstrip().replace("\n", "\n" + " " * 33)
+ selection['test_description'] = test_description_template % selection
+
+ # Adjust the template for the test invoking JS. Indent it to look nice.
+ indent = "\n" + " " * 6;
+ test_js_template = indent + test_js_template.replace("\n", indent);
+ selection['test_js'] = test_js_template % selection
+
+ # Directory for the test files.
+ try:
+ os.makedirs(full_path)
+ except:
+ pass
+
+ selection['meta_delivery_method'] = ''
+
+ if spec['referrer_policy'] != None:
+ if selection['delivery_method'] == 'meta-referrer':
+ selection['meta_delivery_method'] = \
+ '<meta name="referrer" content="%(referrer_policy)s">' % spec
+ elif selection['delivery_method'] == 'http-rp':
+ selection['meta_delivery_method'] = \
+ "<!-- No meta: Referrer policy delivered via HTTP headers. -->"
+ test_headers_filename = test_filename + ".headers"
+ with open(test_headers_filename, "w") as f:
+ f.write('Referrer-Policy: ' + \
+ '%(referrer_policy)s\n' % spec)
+ # TODO(kristijanburnik): Limit to WPT origins.
+ f.write('Access-Control-Allow-Origin: *\n')
+ elif selection['delivery_method'] == 'attr-referrer':
+ # attr-referrer is supported by the JS test wrapper.
+ pass
+ elif selection['delivery_method'] == 'rel-noreferrer':
+ # rel=noreferrer is supported by the JS test wrapper.
+ pass
+ else:
+ raise ValueError('Not implemented delivery_method: ' \
+ + selection['delivery_method'])
+
+ # Obey the lint and pretty format.
+ if len(selection['meta_delivery_method']) > 0:
+ selection['meta_delivery_method'] = "\n " + \
+ selection['meta_delivery_method']
+
+ with open(test_filename, 'w') as f:
+ f.write(test_html_template % selection)
+
+
+def generate_test_source_files(spec_json, target):
+ test_expansion_schema = spec_json['test_expansion_schema']
+ specification = spec_json['specification']
+
+ spec_json_js_template = get_template('spec_json.js.template')
+ with open(generated_spec_json_filename, 'w') as f:
+ f.write(spec_json_js_template
+ % {'spec_json': json.dumps(spec_json)})
+
+ # Choose a debug/release template depending on the target.
+ html_template = "test.%s.html.template" % target
+
+ # Create list of excluded tests.
+ exclusion_dict = {}
+ for excluded_pattern in spec_json['excluded_tests']:
+ excluded_expansion = \
+ expand_test_expansion_pattern(excluded_pattern,
+ test_expansion_schema)
+ for excluded_selection in permute_expansion(excluded_expansion):
+ excluded_selection_path = selection_pattern % excluded_selection
+ exclusion_dict[excluded_selection_path] = True
+
+ for spec in specification:
+ for spec_test_expansion in spec['test_expansion']:
+ expansion = expand_test_expansion_pattern(spec_test_expansion,
+ test_expansion_schema)
+ for selection in permute_expansion(expansion):
+ selection_path = selection_pattern % selection
+ if not selection_path in exclusion_dict:
+ subresource_path = \
+ spec_json["subresource_path"][selection["subresource"]]
+ generate_selection(selection,
+ spec,
+ subresource_path,
+ html_template)
+ else:
+ print 'Excluding selection:', selection_path
+
+
+def main(target):
+ spec_json = load_spec_json();
+ spec_validator.assert_valid_spec_json(spec_json)
+ generate_test_source_files(spec_json, target)
+
+
+if __name__ == '__main__':
+ parser = argparse.ArgumentParser(description='Test suite generator utility')
+ parser.add_argument('-t', '--target', type = str,
+ choices = ("release", "debug"), default = "release",
+ help = 'Sets the appropriate template for generating tests')
+ # TODO(kristijanburnik): Add option for the spec_json file.
+ args = parser.parse_args()
+ main(args.target)
diff --git a/testing/web-platform/tests/referrer-policy/generic/tools/regenerate b/testing/web-platform/tests/referrer-policy/generic/tools/regenerate
new file mode 100755
index 000000000..e6bd63519
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/tools/regenerate
@@ -0,0 +1,3 @@
+#!/bin/bash
+DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+python $DIR/clean.py && python $DIR/generate.py
diff --git a/testing/web-platform/tests/referrer-policy/generic/tools/spec_validator.py b/testing/web-platform/tests/referrer-policy/generic/tools/spec_validator.py
new file mode 100755
index 000000000..8641bbc1f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/tools/spec_validator.py
@@ -0,0 +1,166 @@
+#!/usr/bin/env python
+
+import json, sys
+from common_paths import *
+
+def assert_non_empty_string(obj, field):
+ assert field in obj, 'Missing field "%s"' % field
+ assert isinstance(obj[field], basestring), \
+ 'Field "%s" must be a string' % field
+ assert len(obj[field]) > 0, 'Field "%s" must not be empty' % field
+
+def assert_non_empty_list(obj, field):
+ assert isinstance(obj[field], list), \
+ '%s must be a list' % field
+ assert len(obj[field]) > 0, \
+ '%s list must not be empty' % field
+
+def assert_non_empty_dict(obj, field):
+ assert isinstance(obj[field], dict), \
+ '%s must be a dict' % field
+ assert len(obj[field]) > 0, \
+ '%s dict must not be empty' % field
+
+def assert_contains(obj, field):
+ assert field in obj, 'Must contain field "%s"' % field
+
+def assert_value_from(obj, field, items):
+ assert obj[field] in items, \
+ 'Field "%s" must be from: %s' % (field, str(items))
+
+def assert_atom_or_list_items_from(obj, field, items):
+ if isinstance(obj[field], basestring) or isinstance(obj[field], int):
+ assert_value_from(obj, field, items)
+ return
+
+ assert_non_empty_list(obj, field)
+ for allowed_value in obj[field]:
+ assert allowed_value != '*', "Wildcard is not supported for lists!"
+ assert allowed_value in items, \
+ 'Field "%s" must be from: %s' % (field, str(items))
+
+def assert_contains_only_fields(obj, expected_fields):
+ for expected_field in expected_fields:
+ assert_contains(obj, expected_field)
+
+ for actual_field in obj:
+ assert actual_field in expected_fields, \
+ 'Unexpected field "%s".' % actual_field
+
+def assert_value_unique_in(value, used_values):
+ assert value not in used_values, 'Duplicate value "%s"!' % str(value)
+ used_values[value] = True
+
+
+def validate(spec_json, details):
+ """ Validates the json specification for generating tests. """
+
+ details['object'] = spec_json
+ assert_contains_only_fields(spec_json, ["specification",
+ "referrer_policy_schema",
+ "test_expansion_schema",
+ "subresource_path",
+ "excluded_tests"])
+ assert_non_empty_list(spec_json, "specification")
+ assert_non_empty_list(spec_json, "referrer_policy_schema")
+ assert_non_empty_dict(spec_json, "test_expansion_schema")
+ assert_non_empty_list(spec_json, "excluded_tests")
+
+ specification = spec_json['specification']
+ referrer_policy_schema = spec_json['referrer_policy_schema']
+ test_expansion_schema = spec_json['test_expansion_schema']
+ excluded_tests = spec_json['excluded_tests']
+ subresource_path = spec_json['subresource_path']
+
+ valid_test_expansion_fields = ['name'] + test_expansion_schema.keys()
+
+ # Validate each single spec.
+ for spec in specification:
+ details['object'] = spec
+
+ # Validate required fields for a single spec.
+ assert_contains_only_fields(spec, ['name',
+ 'title',
+ 'description',
+ 'referrer_policy',
+ 'specification_url',
+ 'test_expansion'])
+ assert_non_empty_string(spec, 'name')
+ assert_non_empty_string(spec, 'title')
+ assert_non_empty_string(spec, 'description')
+ assert_non_empty_string(spec, 'specification_url')
+ assert_value_from(spec, 'referrer_policy', referrer_policy_schema)
+ assert_non_empty_list(spec, 'test_expansion')
+
+ # Validate spec's test expansion.
+ used_spec_names = {}
+
+ for spec_exp in spec['test_expansion']:
+ details['object'] = spec_exp
+ assert_non_empty_string(spec_exp, 'name')
+ # The name is unique in same expansion group.
+ assert_value_unique_in((spec_exp['expansion'], spec_exp['name']),
+ used_spec_names)
+ assert_contains_only_fields(spec_exp, valid_test_expansion_fields)
+
+ for artifact in test_expansion_schema:
+ details['test_expansion_field'] = artifact
+ assert_atom_or_list_items_from(
+ spec_exp, artifact, ['*'] + test_expansion_schema[artifact])
+ del details['test_expansion_field']
+
+ # Validate the test_expansion schema members.
+ details['object'] = test_expansion_schema
+ assert_contains_only_fields(test_expansion_schema, ['expansion',
+ 'delivery_method',
+ 'redirection',
+ 'origin',
+ 'source_protocol',
+ 'target_protocol',
+ 'subresource',
+ 'referrer_url'])
+ # Validate excluded tests.
+ details['object'] = excluded_tests
+ for excluded_test_expansion in excluded_tests:
+ assert_contains_only_fields(excluded_test_expansion,
+ valid_test_expansion_fields)
+ details['object'] = excluded_test_expansion
+ for artifact in test_expansion_schema:
+ details['test_expansion_field'] = artifact
+ assert_atom_or_list_items_from(
+ excluded_test_expansion,
+ artifact,
+ ['*'] + test_expansion_schema[artifact])
+ del details['test_expansion_field']
+
+ # Validate subresource paths.
+ details['object'] = subresource_path
+ assert_contains_only_fields(subresource_path,
+ test_expansion_schema['subresource']);
+
+ for subresource in subresource_path:
+ local_rel_path = "." + subresource_path[subresource]
+ full_path = os.path.join(test_root_directory, local_rel_path)
+ assert os.path.isfile(full_path), "%s is not an existing file" % path
+
+ del details['object']
+
+
+def assert_valid_spec_json(spec_json):
+ error_details = {}
+ try:
+ validate(spec_json, error_details)
+ except AssertionError, err:
+ print 'ERROR:', err.message
+ print json.dumps(error_details, indent=4)
+ sys.exit(1)
+
+
+def main():
+ spec_json = load_spec_json();
+ assert_valid_spec_json(spec_json)
+ print "Spec JSON is valid."
+
+
+if __name__ == '__main__':
+ main()
diff --git a/testing/web-platform/tests/referrer-policy/generic/unsupported-csp-referrer-directive.html b/testing/web-platform/tests/referrer-policy/generic/unsupported-csp-referrer-directive.html
new file mode 100644
index 000000000..a40dded44
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/generic/unsupported-csp-referrer-directive.html
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>Referrer Policy: CSP 'referrer' directive should not be supported</title>
+ <meta http-equiv="Content-Security-Policy" content="referrer no-referrer">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- Common global functions for referrer-policy tests. -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ </head>
+ <body>
+ <h1>Referrer Policy: CSP 'referrer' directive should not be supported</h1>
+ <p>CSP used to have a 'referrer' directive to set a Referrer Policy. This directive has been removed and should not be supported.</p>
+
+ <pre id="received_message">Running...</pre>
+
+ <script>
+ var test = async_test("Image has a referrer despite CSP 'referrer' directive");
+ var urlPath = '/referrer-policy/generic/subresource/image.py';
+ var url = location.protocol + "//www1." + location.hostname + ":" + location.port +
+ urlPath;
+ queryImage(url, test.step_func(function(message) {
+ assert_equals(message.referrer, document.location.href);
+ test.done();
+ }));
+ </script>
+
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e5e6a7861
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..9d0ab2400
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a8935c2be
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..35d6245f5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..dae1ad56c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..86fa9997c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9f8f2d884
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..ca6ada181
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..49a8973c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a1eaf56ef
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..70e193434
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..85d4a15f7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c5c0dd241
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..d5e3b9fe0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b3e883240
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1415f88e6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c9e14a5c6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..1197e4ea0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..34a7176c9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..621a3f4f5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..708135798
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ca8b0837b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..553af1be5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5ac87bc66
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..301edeccd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..e398d4662
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..eb995697d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a05ee8ec3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..00e0b12f9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4e1745300
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..99be5759b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..8b4c4a85c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3a808fa16
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e6a4a48ef
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..5b6a0f069
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..45a76a776
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a3f6a8b60
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..013ad95a1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..eb834de9b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a3f6d25c8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..7e456c402
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6684bb31e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..293756816
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..695a773b0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f7e7f0bf2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a54cf8649
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..b7adfc59b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6639c028e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f6e4ba09b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..8aaee1ba9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0a7d63121
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5c4afd6b4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..bd9dec511
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..dd03fe581
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5b0157e85
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..47a08ddf8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..be990f211
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8cf74125a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..7cb08817b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2a4bde0b9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..55ccac1f1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..36e1fed42
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fc4a9865c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c0fe57edd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..dffd45534
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..79d8995f9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d521c1671
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..6299e8ec7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c67433bb7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8b46cf583
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..94290a0c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..dd800d38e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..96b2d3201
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..75f0f3334
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..97c4bb92e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f6e9650e2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..71ff29503
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..399bb0c14
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2ec45b40a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..6a93f8429
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9b72d4bbb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a7fac6177
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..6e8a612c8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..68cc56301
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..f2152da95
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..33d9214bb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..fe4596ea0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0f6a74f59
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..59fec5603
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c3bc39e7a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d6efd8973
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..aa00c6f71
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..55083571c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e1d4a6b3f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6717cc2aa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..fd9e58638
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d7fd00050
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..21f160024
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..aac4a2a3f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7e1ce57dd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8d84056e7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..e09f582d7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e4f4232ae
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d3b557d79
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c748f8c25
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7ff4aea0e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..cad3acfe5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..6975f7807
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b55f5379b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..514baf51f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..41ad2badf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..36c8aaeaf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6cee2216b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..5a67b55e6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a3d17dd1d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c86db50d2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..ba698b85d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e153ebd84
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e1d04f843
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..4451804cd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ec8dcc3bb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..13d58dccf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..e7ed38632
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ce744e009
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a70858c05
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..621b14550
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..134267bb1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..74f1935ef
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..2da8ff784
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..559862ade
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..293d8c330
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..7571a86f5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..96939619c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c79814f0e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..04b4a5946
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5c749f4bf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5246fb54f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..3885e8a6a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9de62cd2a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..af9798b9c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..36464436d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..455693efa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..25ca0138f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..dd5055d0e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..dbecd9406
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="no-referrer-when-downgrade">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer-when-downgrade",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0b7655ace
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..fe44085e3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..875a8ffe4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..58af86ef0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..fb82ab874
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..bdabcd3f3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c5434c6cd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..0531f45d3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8691721fe
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4d69c86dd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..3330e7cb7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f159ef61e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..563ad1b91
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..1271218d0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a7b4ad7a5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4ba159c7f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..c52392c32
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..51c5c5247
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..639c0246b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..88db01292
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2663e303d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..11f22d858
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..3ce8fa977
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c17e9a846
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..57cddb7c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..e0388dbf5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a3355ef97
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1aed56a52
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..4dc27f057
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fc98c1d72
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..435a4b7cb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..787e03d5b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8dc6c82e1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4a52130cc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..0b5fc2178
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5a47798f0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5fece1114
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..f3921aaf5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..04ddbada0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..68528a3d1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..0485112fb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c2ae6abed
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..43a2c9c6f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..c6fafef57
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d0b61af2b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..07949589b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..325eaeba0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b68a4e517
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8f8f01f20
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..74cf6d4e7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..57c858aec
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..097b8cdd3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..c53cf0d94
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a9370a998
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..712a2cee4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..db4b684c7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..334c54917
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9a3844012
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..5e8d81c2d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a49ecda4d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..723f22630
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..c11e69041
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fd4612eff
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4f12853c0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..52d3ae126
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..cb20e18af
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8a49347b7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..9ab2958e4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..bda2e6175
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c114a3f8a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..f1dc1238a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..44e0199f5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b7b1fc547
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..216a1e6cd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..355f562c1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e61542595
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..7170884a6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..65a9ba9b7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..20dda3fe1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..9beec5d64
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d02fce2bb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ec472b264
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..deb8d736b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8fa40cb48
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9b531426e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..bc1c5021a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..7b2c327c3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e5ea31157
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..cd54256ad
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..84b7c650f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b9e130b96
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ee64a3991
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..83168afa2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6e624a4c0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..206283f31
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..c45116994
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c4399815d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..29831095f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..488a26b43
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..1cf420f93
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..15ff3f5ac
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..0dd487b42
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b48e45310
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ba04f94ac
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..b35d2db83
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e923921d1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c1b54abd4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..3ce103711
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..1b4719a32
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b83af76c6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..a370ed358
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fa2e7a8f5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..485702bc2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..c412dce6c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c1c32ba31
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..852b2a7ac
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..fa18f832d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e8a9e5144
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..7932dd8bb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..324251c10
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..67df3bc8f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9000bcbee
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..7f5cb7c8f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ea981ad14
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..222b078cc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..3c1c41cda
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..954dede4a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b0528816d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..524e650e9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0b6580b2e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5c88dcae2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..2a83f8cc9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3714b4a98
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..57b4df568
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..dcf26139b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..070d4283a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9da6e448b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..2159b24e0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..aa032ca43
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6e0dcd4c2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..25559421d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..04bb56842
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..da806358d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..253f15de8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3b5271935
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+ <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+ <meta name="referrer" content="no-referrer">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "no-referrer",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9455ed856
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..a6512954b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..af8c262ad
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2b634b85e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..42ed329bf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9e78e962c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f0dd273c3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..0687cc22f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7b6dd7b98
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c371ce993
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..5bfef0ff6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..856951865
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1bcb41746
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..8f3c27f7e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6633b43a0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..36941155b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..fc05b1e52
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..56560123c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ca0b0b1b5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..19cf59322
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..77452623c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..77452623c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ca0b0b1b5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..19cf59322
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..77452623c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f0c9e6fd9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..2aed178fd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4e184519e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4e184519e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f0c9e6fd9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..2aed178fd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4e184519e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f4902bd27
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..fac616681
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7385003cf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5e3a82f01
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..6eed1d779
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..cc3f2c42a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c9f973b9b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..6850d329d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a27a2ee4e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..67a7335ef
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..bace41398
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ebedf9e28
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..58121f98f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..7381c1383
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5117e3dd8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..20fe88fde
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..224fc53a0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..856662a77
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..17f781400
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..53d9a7044
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..423c8ed20
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..790b68586
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..1dae9fecc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..75644a3cc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2a226c6e1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..e1c3ecd12
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..edd101a83
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..37979395e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..bc7c6d02d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f9fbbbc32
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6ef928b6e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..b253ef852
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2d20c7c6d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..67169cf16
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..d21c6bda1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3859dcedf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..77f71fb39
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..024d43ea1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fa35c1f3e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..61669344d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..4daa07719
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..369e98e0f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..3ca50f3d6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..5bddea2b1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9798ee5b0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ee78d6ef1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..0019b7d1f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f4020bdff
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f4020bdff
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ee78d6ef1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..0019b7d1f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f4020bdff
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..48dcc5d52
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..6cc4669d9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b1bacfe9b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b1bacfe9b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..48dcc5d52
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..6cc4669d9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b1bacfe9b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..08156b668
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..ae1f44978
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7b0f9d4b3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7b0f9d4b3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..08156b668
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..ae1f44978
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7b0f9d4b3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..633eb15d9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..b7dd2d260
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d968e31f4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d968e31f4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..633eb15d9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..b7dd2d260
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d968e31f4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..cde3c4dcb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..69e0ac3f3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f9f5cbfc2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f9f5cbfc2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..cde3c4dcb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..69e0ac3f3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f9f5cbfc2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..9ce1de388
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..cae0548b2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..dfbdf4e37
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..33a64908d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..99d89c892
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..efc15af9b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6457b6d07
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b4895ecb1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..8253f1e26
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8319c4799
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c96142058
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..fc6604637
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a821ec58a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f86d0e825
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..f4826c63a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d83650ee3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..48676a974
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..2812882a2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..cc13e377b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..bbb011122
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..6d3ec1b96
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..76c95cdea
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..114d4dc86
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..0b7378bd6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d5e863d2e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..94f0f0b67
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..4a1ba7ae9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7009e93f4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..219ae6d84
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..df5a52f9a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7436b3978
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ebaa47c72
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..6cb598b38
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f7b661028
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..cc2175edb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..b8cecaeed
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ba8b28780
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9aa2e5128
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..9d997bd1a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0245434f3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..969d7e8dd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..091ce5d0e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9be9f24e6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..225c18eb7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..eb3e612fd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ef09fe30c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f0adebf34
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..4d5714f87
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6578bd1e6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6578bd1e6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f0adebf34
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..4d5714f87
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6578bd1e6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..94802477e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..a4298049e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..548e63ea9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..548e63ea9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..94802477e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..a4298049e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..548e63ea9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..32da6f1ea
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..c7367f706
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a0e33c720
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a0e33c720
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..32da6f1ea
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..c7367f706
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a0e33c720
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c80a3c7e5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..e7e65e19e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..42ecdbc0f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..42ecdbc0f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c80a3c7e5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..e7e65e19e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..42ecdbc0f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c6dcc471c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html
new file mode 100644
index 000000000..53505abe0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..76b1b2df5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-downgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..76b1b2df5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c6dcc471c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html
new file mode 100644
index 000000000..53505abe0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html
new file mode 100644
index 000000000..76b1b2df5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-upgrade.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..403b08e5d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..25e9e2f45
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0ae83292f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..7358e1c70
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..77b87b8cb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e8ba9a759
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5622a50bf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..dfdf69fbc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f5542f97e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8cec185e1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..9cb253f35
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2ce74e688
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ce0b1252e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..39304901c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..987106249
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..33d76d384
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..56a0eabe7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2befe6ff3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c9cb06842
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..c6f8e1490
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..dd44b6679
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2ae35e050
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..2b7cc6d59
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a6bbc66d3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..758ab5767
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..35a5049a5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..851b077e6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..cd93dd64a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..3cdd17258
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..34be306a1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..33fe33fb1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..eecbe272b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..90f8d6aa6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8f88eaf53
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..3df62ffab
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f9961c352
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4c124d298
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..29b6635f9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..501315b2b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ddae157a6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..b48445413
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2219a9204
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..22559b109
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..ddfbd4e19
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..23df7f0ad
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..767c13872
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..414cae5d6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..081b8b55f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..fd3a69a85
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..65a3a5326
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6fb1b31b1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d8ff89441
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..58fbc4829
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..229787117
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2a421f846
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..df23d02dd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0098e8f3e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6254fb8c7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..8454f0665
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..381737def
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..7b600cbbd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..f6631d884
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4f0872346
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..04027e95f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..37037229b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..13473d515
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..619ed34a3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..015a044da
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2b3c2527b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..02d91a903
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..064eea5a3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d92098a31
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a8f6d4c2b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..22b20d3b1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e4c0e8e69
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..30a7422fe
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..99c436d7f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a94ce6d57
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9f262c082
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..e4d50953a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3a3e505e0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8cf8a9db0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..f0e9bcfe4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9bb9159fa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..306a53536
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..66cad9817
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..373a9a1fb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0661bda2b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..95cfae315
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..5631be438
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c5f2de32e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e676621b2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..d1f431ffd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..10ba9c188
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..78762fe53
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..8580bf41e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..740cca8ff
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..38096523b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..9d1db30f6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f28bd6734
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..52ea79ea3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..45bc707ab
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d80387047
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6465e10c9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..413690e8d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..602ec76bd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1a987e7f5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..b7d113508
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..312c8d556
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ba9d5d08f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..93a164d27
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9b8f447e5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8b1a8ea3d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..d40d7b411
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..65bc46987
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..cba7210bd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..54122bd8d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a83eed311
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..493f79902
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..4aaae188f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..acf0c7aa0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..99da41e73
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..756dfb3cd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..65ed223f1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..96e7d4e7b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..d6c28231c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ee9ad9993
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e33ca1b5f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..e966c29b6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..175441c9e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..21828b7b7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..cadd6aa50
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ac6d689b5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..92c2e4d40
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..eceedcb15
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e847df8ff
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9cb83cb0c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..700d95828
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..73c907dea
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2b7786cd3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..15ff14f65
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ba8411200
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..60df8dd48
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..a119d66be
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..47c8084c3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+ <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+ <meta name="referrer" content="origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..14e928ea8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..0e549ae0d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ea0d40232
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0acf101b8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..7026fe1d1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e8bb9ae85
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..73f992b65
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..7fc3541bc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..73ba641f9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..172853a4f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..b2104f4cb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c984c4363
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4cb71bcbf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..66abd90fd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7c366c108
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..11683e44b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..617093728
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..594c2984d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f17556c54
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fa91f2cbb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..18dba0048
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..9d8b2b2c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2befacac7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..988c99d5c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..7588d84e0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3e2b36979
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b26c3efdc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..c7c348f90
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..126e278b4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f22d6d87b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..90dd8881d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8dd055d71
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..32248c739
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..4e41494b8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..08973c571
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..863791529
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..1e66182f0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..289a4a507
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4d44a10b7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..d76ff641a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..37d4e3e46
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2757dabaa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..8a405470c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f5c690b8b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ba1424c06
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..7aebb65a5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8d145be6b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6d334876d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..941dd867f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..41e0570ec
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8f72529b6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..36e5d0a32
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..87cc41497
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..41d8f63f2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..e9082a803
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..731cb6339
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..94a1ceca8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..0e0fc8e5b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b5f8a4cbd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..bbc8f26a5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..d373139d1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..49468d125
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c3be3878e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..f4800516d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ce60482bd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5714a7e06
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ca5c1fd4b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..934fb53a6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..755075a17
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..56c1bdb7d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..986434466
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..a70bbb7ff
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2199fbacc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0038a1a78
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..8555bc6cc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..bd2014b06
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b519ebcfb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..a70f22d69
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..633938985
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b9eefbc30
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..82fc3b114
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..bbcbe233f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..fd270955f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..4739c5847
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fe6f02837
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5d0f8168c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..3a4fb95e8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..20c2f4f49
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d3ad1f9c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..5de6a24aa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d39c95d82
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..df9f3a839
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..729839842
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f5e5c5230
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5e03688c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..346e401ef
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..27d89b3c0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..045dc0617
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..aadf71777
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..aada3951f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9bbbfb72f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..6d7a54cdb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8117e29c0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..34859ed87
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..e73908952
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0080977a7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..155bf0109
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..7b3442d29
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fe2b40c58
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..18f3dbc80
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..f296512ef
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8eaeb5cd8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9ca451221
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..a8ec1e6ac
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5fdacce40
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..cac271986
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7023a52be
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a6be79bcd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..70602133f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..27a95b7ad
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+ <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="same-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+ <meta name="assert" content="The referrer URL is omitted when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "same-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "omitted"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/spec.src.json b/testing/web-platform/tests/referrer-policy/spec.src.json
new file mode 100644
index 000000000..6d76af2f6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/spec.src.json
@@ -0,0 +1,638 @@
+{
+ "specification": [
+ {
+ "name": "unset-referrer-policy",
+ "title": "Referrer Policy is not explicitly defined",
+ "description": "Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policies",
+ "referrer_policy": null,
+ "test_expansion": [
+ {
+ "name": "insecure-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "upgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "downgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ },
+ {
+ "name": "secure-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ }
+ ]
+ },
+ {
+ "name": "no-referrer",
+ "title": "Referrer Policy is set to 'no-referrer'",
+ "description": "Check that sub-resource never gets the referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer",
+ "referrer_policy": "no-referrer",
+ "test_expansion": [
+ {
+ "name": "generic",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ }
+ ]
+ },
+ {
+ "name": "no-referrer-when-downgrade",
+ "title": "Referrer Policy is set to 'no-referrer-when-downgrade'",
+ "description": "Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade",
+ "referrer_policy": "no-referrer-when-downgrade",
+ "test_expansion": [
+ {
+ "name": "insecure-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "upgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "downgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ },
+ {
+ "name": "secure-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ }
+ ]
+ },
+ {
+ "name": "origin",
+ "title": "Referrer Policy is set to 'origin'",
+ "description": "Check that all subresources in all casses get only the origin portion of the referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin",
+ "referrer_policy": "origin",
+ "test_expansion": [
+ {
+ "name": "generic",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ }
+ ]
+ },
+ {
+ "name": "same-origin",
+ "title": "Referrer Policy is set to 'same-origin'",
+ "description": "Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin",
+ "referrer_policy": "same-origin",
+ "test_expansion": [
+ {
+ "name": "same-origin-insecure",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-origin-secure-default",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-origin-insecure",
+ "expansion": "override",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ },
+ {
+ "name": "cross-origin",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "cross-origin",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ }
+ ]
+ },
+ {
+ "name": "origin-when-cross-origin",
+ "title": "Referrer Policy is set to 'origin-when-cross-origin'",
+ "description": "Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin",
+ "referrer_policy": "origin-when-cross-origin",
+ "test_expansion": [
+ {
+ "name": "same-origin-insecure",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-origin-secure-default",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-origin-upgrade",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "same-origin-downgrade",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "same-origin-insecure",
+ "expansion": "override",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "cross-origin",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "cross-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ }
+ ]
+ },
+ {
+ "name": "strict-origin",
+ "title": "Referrer Policy is set to 'strict-origin'",
+ "description": "Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin",
+ "referrer_policy": "strict-origin",
+ "test_expansion": [
+ {
+ "name": "insecure-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "upgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "downgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ },
+ {
+ "name": "secure-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ }
+ ]
+ },
+ {
+ "name": "strict-origin-when-cross-origin",
+ "title": "Referrer Policy is set to 'strict-origin-when-cross-origin'",
+ "description": "Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin",
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "test_expansion": [
+ {
+ "name": "same-insecure",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-insecure",
+ "expansion": "override",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "cross-insecure",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "cross-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "upgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "downgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ },
+ {
+ "name": "same-secure",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-secure",
+ "expansion": "override",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "cross-secure",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "cross-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ }
+ ]
+ },
+ {
+ "name": "unsafe-url",
+ "title": "Referrer Policy is set to 'unsafe-url'",
+ "description": "Check that all sub-resources get the stripped referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url",
+ "referrer_policy": "unsafe-url",
+ "test_expansion": [
+ {
+ "name": "generic",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ }
+ ]
+ }
+ ],
+
+ "excluded_tests":[
+ {
+ "name": "cross-origin-workers",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "redirection": "*",
+ "delivery_method": "*",
+ "origin": "cross-origin",
+ "subresource": "worker-request",
+ "referrer_url": "*"
+ },
+ {
+ "name": "upgraded-protocol-workers",
+ "expansion": "*",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": "*",
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "worker-request",
+ "referrer_url": "*"
+ },
+ {
+ "name": "mixed-content-insecure-subresources",
+ "expansion": "*",
+ "source_protocol": "https",
+ "target_protocol": "http",
+ "delivery_method": "*",
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "*"
+ },
+ {
+ "name": "elements-not-supporting-attr-referrer",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": [
+ "script-tag",
+ "xhr-request",
+ "worker-request",
+ "fetch-request"
+ ],
+ "referrer_url": "*"
+ },
+ {
+ "name": "elements-not-supporting-rel-noreferrer",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["rel-noreferrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": [
+ "iframe-tag",
+ "img-tag",
+ "script-tag",
+ "xhr-request",
+ "worker-request",
+ "fetch-request",
+ "area-tag"
+ ],
+ "referrer_url": "*"
+ },
+ {
+ "name": "area-tag",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": "*",
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "area-tag",
+ "referrer_url": "*"
+ },
+ {
+ "name": "worker-requests-with-swap-origin-redirect",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": "*",
+ "redirection": "swap-origin-redirect",
+ "origin": "*",
+ "subresource": ["worker-request"],
+ "referrer_url": "*"
+ },
+ {
+ "name": "overhead-for-redirection",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": "*",
+ "redirection": ["keep-origin-redirect", "swap-origin-redirect"],
+ "origin": "*",
+ "subresource": ["a-tag", "area-tag"],
+ "referrer_url": "*"
+ },
+ {
+ "name": "source-https-unsupported-by-web-platform-tests-runners",
+ "expansion": "*",
+ "source_protocol": "https",
+ "target_protocol": "*",
+ "delivery_method": "*",
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "*"
+ }
+ ],
+
+ "referrer_policy_schema": [
+ null,
+ "no-referrer",
+ "no-referrer-when-downgrade",
+ "same-origin",
+ "origin",
+ "origin-when-cross-origin",
+ "strict-origin",
+ "strict-origin-when-cross-origin",
+ "unsafe-url"
+ ],
+
+ "test_expansion_schema": {
+ "expansion": [
+ "default",
+ "override"
+ ],
+
+ "delivery_method": [
+ "http-rp",
+ "meta-referrer",
+ "attr-referrer",
+ "rel-noreferrer"
+ ],
+
+ "origin": [
+ "same-origin",
+ "cross-origin"
+ ],
+
+ "source_protocol": [
+ "http",
+ "https"
+ ],
+
+ "target_protocol": [
+ "http",
+ "https"
+ ],
+
+ "redirection": [
+ "no-redirect",
+ "keep-origin-redirect",
+ "swap-origin-redirect"
+ ],
+
+ "subresource": [
+ "iframe-tag",
+ "img-tag",
+ "script-tag",
+ "a-tag",
+ "area-tag",
+ "xhr-request",
+ "worker-request",
+ "fetch-request"
+ ],
+
+ "referrer_url": [
+ "omitted",
+ "origin",
+ "stripped-referrer"
+ ]
+ },
+
+ "subresource_path": {
+ "a-tag": "/referrer-policy/generic/subresource/document.py",
+ "area-tag": "/referrer-policy/generic/subresource/document.py",
+ "fetch-request": "/referrer-policy/generic/subresource/xhr.py",
+ "iframe-tag": "/referrer-policy/generic/subresource/document.py",
+ "img-tag": "/referrer-policy/generic/subresource/image.py",
+ "script-tag": "/referrer-policy/generic/subresource/script.py",
+ "worker-request": "/referrer-policy/generic/subresource/worker.py",
+ "xhr-request": "/referrer-policy/generic/subresource/xhr.py"
+ }
+}
diff --git a/testing/web-platform/tests/referrer-policy/spec_json.js b/testing/web-platform/tests/referrer-policy/spec_json.js
new file mode 100644
index 000000000..1da04bd59
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/spec_json.js
@@ -0,0 +1 @@
+var SPEC_JSON = {"subresource_path": {"img-tag": "/referrer-policy/generic/subresource/image.py", "fetch-request": "/referrer-policy/generic/subresource/xhr.py", "a-tag": "/referrer-policy/generic/subresource/document.py", "area-tag": "/referrer-policy/generic/subresource/document.py", "iframe-tag": "/referrer-policy/generic/subresource/document.py", "xhr-request": "/referrer-policy/generic/subresource/xhr.py", "worker-request": "/referrer-policy/generic/subresource/worker.py", "script-tag": "/referrer-policy/generic/subresource/script.py"}, "test_expansion_schema": {"origin": ["same-origin", "cross-origin"], "subresource": ["iframe-tag", "img-tag", "script-tag", "a-tag", "area-tag", "xhr-request", "worker-request", "fetch-request"], "target_protocol": ["http", "https"], "expansion": ["default", "override"], "delivery_method": ["http-rp", "meta-referrer", "attr-referrer", "rel-noreferrer"], "redirection": ["no-redirect", "keep-origin-redirect", "swap-origin-redirect"], "referrer_url": ["omitted", "origin", "stripped-referrer"], "source_protocol": ["http", "https"]}, "specification": [{"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policies", "referrer_policy": null, "title": "Referrer Policy is not explicitly defined", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}], "name": "unset-referrer-policy", "description": "Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer", "referrer_policy": "no-referrer", "title": "Referrer Policy is set to 'no-referrer'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}], "name": "no-referrer", "description": "Check that sub-resource never gets the referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade", "referrer_policy": "no-referrer-when-downgrade", "title": "Referrer Policy is set to 'no-referrer-when-downgrade'", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}], "name": "no-referrer-when-downgrade", "description": "Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin", "referrer_policy": "origin", "title": "Referrer Policy is set to 'origin'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}], "name": "origin", "description": "Check that all subresources in all casses get only the origin portion of the referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin", "referrer_policy": "same-origin", "title": "Referrer Policy is set to 'same-origin'", "test_expansion": [{"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-secure-default", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "*", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-origin", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}], "name": "same-origin", "description": "Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin", "referrer_policy": "origin-when-cross-origin", "title": "Referrer Policy is set to 'origin-when-cross-origin'", "test_expansion": [{"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-secure-default", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-upgrade", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-downgrade", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "*", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-origin", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}], "name": "origin-when-cross-origin", "description": "Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin", "referrer_policy": "strict-origin", "title": "Referrer Policy is set to 'strict-origin'", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}], "name": "strict-origin", "description": "Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin", "referrer_policy": "strict-origin-when-cross-origin", "title": "Referrer Policy is set to 'strict-origin-when-cross-origin'", "test_expansion": [{"origin": "same-origin", "name": "same-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-insecure", "target_protocol": "http", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-secure", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-secure", "target_protocol": "https", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-secure", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}], "name": "strict-origin-when-cross-origin", "description": "Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url", "referrer_policy": "unsafe-url", "title": "Referrer Policy is set to 'unsafe-url'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "*", "subresource": "*"}], "name": "unsafe-url", "description": "Check that all sub-resources get the stripped referrer URL."}], "referrer_policy_schema": [null, "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "origin-when-cross-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url"], "excluded_tests": [{"origin": "cross-origin", "name": "cross-origin-workers", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": "worker-request"}, {"origin": "*", "name": "upgraded-protocol-workers", "target_protocol": "https", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "http", "subresource": "worker-request"}, {"origin": "*", "name": "mixed-content-insecure-subresources", "target_protocol": "http", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "elements-not-supporting-attr-referrer", "target_protocol": "*", "expansion": "*", "delivery_method": ["attr-referrer"], "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": ["script-tag", "xhr-request", "worker-request", "fetch-request"]}, {"origin": "*", "name": "elements-not-supporting-rel-noreferrer", "target_protocol": "*", "expansion": "*", "delivery_method": ["rel-noreferrer"], "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": ["iframe-tag", "img-tag", "script-tag", "xhr-request", "worker-request", "fetch-request", "area-tag"]}, {"origin": "*", "name": "area-tag", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": "area-tag"}, {"origin": "*", "name": "worker-requests-with-swap-origin-redirect", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "swap-origin-redirect", "referrer_url": "*", "source_protocol": "*", "subresource": ["worker-request"]}, {"origin": "*", "name": "overhead-for-redirection", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": ["keep-origin-redirect", "swap-origin-redirect"], "referrer_url": "*", "source_protocol": "*", "subresource": ["a-tag", "area-tag"]}, {"origin": "*", "name": "source-https-unsupported-by-web-platform-tests-runners", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "https", "subresource": "*"}]};
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..410b5da8b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..ee981716b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7f80e3dc6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e1acb81c2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..8f524a23e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d1d3bfbf4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6b6302a6a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..bcdf71566
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..18ec84b8a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..07bcce770
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..81c5c0b89
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3e08734ae
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..14ffec0f8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..1dd314595
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fbda921ea
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0ba667d9c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..abbc2d80f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..71b1a9038
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f21693a29
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..5ecad4840
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4a37ed845
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..44d4afad9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..e0135ac65
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c03ac3ec3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..78028ea11
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..b436f264f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7f0b239b6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..7d8657595
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..cf0764bda
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..68f7480b4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..713b5eeb4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..5ce05593c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e1b43a7bd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..57e841048
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..220448dd2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..1bf99f140
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4b41fa5b8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..f46debfbe
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7642d2f3d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..23dddef08
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..41eb7eaa3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fa964a4a4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a973b979e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..8e6ca11f3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7073af2d6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6554f6cfc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..65f8a5621
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9c0a097c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f456395c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..6943ffa98
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b14bb43a9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b9275cb0f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..947e631d1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f6c8623a0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..08135c2a8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..37fb15fef
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3c35f0622
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0c49b4e91
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..bc9303905
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..af7d1df7a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b40e40125
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..fe66263f7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4f5483753
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..16c752ce0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..6acc89c80
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7620c0160
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d5979d7ab
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..b6bedeeb0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7baab77a0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..fa61f3528
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..316e28af9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f08708b1e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c922dd302
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..dbbc06464
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..cd93f802c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2ce4f8c4f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..05cd14306
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6c0eee6a9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..55f137e6d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c13e87d45
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ed886aa24
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2cf0c49c1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c06e5fa46
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f29aae30d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..d74467b0a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5d8c30513
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..fb54ac71a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4e71ba5f1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..feb537fbc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..6dba08c88
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d40ed50ff
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ba6cc74c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..285c361d1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..299767948
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/img-tag/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..dff241107
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..6d11862ed
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..1fc31fe39
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/script-tag/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4a8a1f048
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html
new file mode 100644
index 000000000..68b177b6a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..68a648275
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..684dcaa14
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..ecfd82d06
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7071663d6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9d7614521
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..f515e1d8a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9bba4f399
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b3d45d739
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..0faae4a90
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..cc26b0961
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..94b428184
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..ffb2366aa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b67826d77
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..596550e89
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..dc8ee2a8f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..266d4ff26
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0e1f1375d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..c00e3501c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..65aa8b72e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b3079d2dc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..c3ef7af04
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d21951e89
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..7077dfa12
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..e6b821182
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..28a143047
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..06e0cf6cc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..d9cfc360d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..882de7e13
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2c9beb9b2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html
new file mode 100644
index 000000000..2da9b429e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..61b40b556
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..3dc9ca4ed
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..fa5788b51
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f226759df
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..263ca22b5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..e631d7950
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..dd777e20b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..3666ca93a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..083863b08
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..73e1f65bb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9b8cb3a1d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..ec76e41dd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7f76db13d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c6dd5590c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..8ebdfb9f1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..793aef76e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+ <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+ <meta name="referrer" content="strict-origin-when-cross-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5cec2348d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..0f5f5353d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..67f62b51c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0185812ea
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..b13d43aab
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..733dd399d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e5171daca
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..518fc5ca9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..07c8d14f0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..307ec9454
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..94a45bbf4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ff3a4d5f9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6be360594
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..29a5417f7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..1d19df2c2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..29cec56f8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..fc158a9c9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0636fed23
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..3a3d0cb39
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..b1771d766
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a2b64ec7a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..10d67abeb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c5d55deda
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8b1c993d2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b8bfa369c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..e7abb5524
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ee0f6a65e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6e0f4dd79
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..6dcc1de0c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..dd867e250
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a8a664fab
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..778eace94
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..151cdf90d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8356d3b18
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..be8889a92
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f579e9627
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6771dfdc2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..82b6165be
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..850b62b05
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8dd238f17
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..d0c92c8c3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..80aba4f30
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..76edcef00
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..0c9a64d75
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7261e079b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e3d99ada9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..bf4f76c42
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3568a5853
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..34678b6e0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..fd6fa84b8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8e2f26110
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f1ef4905a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..882ec58e8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..61222c061
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..07324af6d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..74f5a7ccc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e0c913583
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..28616e8af
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..4fb70527b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..dc4f644b7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..829b2b072
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..e2be71dd9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b3d3dc54a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..56fdc7923
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..62397c248
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..183620ee8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..dce61d41d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c857f4c76
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..1f137283c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4a82c2944
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..787d3afc7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0a1d40c5f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..999c43e8b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..6330560d9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4681722ab
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1487f9645
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..ddd876b91
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6c92b8d51
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c2fef2eab
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..51b0a8069
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ab62bdbee
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..bd5bbed36
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..a3d7e8477
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e264bc35c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..07af8e286
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..96cb24604
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..97b2f4942
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..41c90bdfd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..005b0fa5e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..bb240bee6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0d6b7b272
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..09d9594c2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c83cd6618
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d9ed4f6c0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f060d3b99
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..d37724e7c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7c9c53f86
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2b04c50a4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..064da1b69
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7046e6e14
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..25557dfb8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..f3ce31c69
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fdbf7a78b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..cf16f8ade
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..ffda52304
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e013b680f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1a1b24044
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..5bfd8faa1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d64873822
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..25f01ca1b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c51a797d3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3562c938a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..50994e295
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..da91cfdd2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..bb496aa3f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0179180e5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..3b9d5beb6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..01c5646b1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..fccec81bb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..5840859b4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4e93fafee
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9a9490e66
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..9e1bd3a1c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..46a7a33c3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6186d57f3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..08a6df4fd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8bf116b87
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..3fe96e71d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..bdfce453e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6e29cc16a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..dfc4b9792
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..dfbc93f20
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4f581e783
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..610799d5e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..db36bbc70
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8f4eabfa2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e5acfb1b0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..f2a6afb83
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..40dc6bfa4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2bac0fc5a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..023680ab7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fbd9be455
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1b2a3b3ce
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..0c002eff6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3aecaf52f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+ <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+ <meta name="referrer" content="strict-origin">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+ <meta name="assert" content="The referrer URL is origin when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "strict-origin",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "origin"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1d4be3c77
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..715150770
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..814b6d9ba
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..3bb871203
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..8a8a459f9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..04ae66bd2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4947e50aa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..39deeac30
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..334ebae52
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ca1f0a68f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..f813f24a6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d3272c435
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..22800cf4b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..ceaa0164e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5117c0f4d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d891987d3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..246089208
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..10fc2a00f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9d504a970
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..5fc928a3c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..01d2abbb8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2b520ff43
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..7a2fb09fc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7612d5ef6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..53ab93a35
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..ae0a512ba
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..1360c04c3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e608f52cb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..e8b105995
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0755eaf96
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6c873e8f0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..e9d9d2469
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..78b871570
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a38b20f17
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..a7fd03c43
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..06b2b252f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..49c3ec58e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..163b8c8a0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c28550135
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..608035538
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..046b25859
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..59bf756b8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..eee0a3f8b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..57f1a9d04
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fdb7033c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..7168479ac
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..5689889eb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..678d95524
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..73cabcfd9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..fccf29967
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..174c0feac
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..832ceb02e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..4ce779935
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..664cb7e3d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2ce45af4c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..038a0b2dd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..78b340afe
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..12446ba14
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..70a115d87
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7a083ea6c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..12871fac6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..abd803c44
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..02e9b92a2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..435281a74
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..dbdf2d6fb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e1643fd37
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..89acf024f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..9f4319130
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5e492ca91
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..54a2fc322
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..e6775088a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c2bccdf77
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..79cd63640
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..4fc687f97
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3a24da90c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..95154a991
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..501e8ed24
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a49c2a05c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..77d22e913
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..6ab0525a9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..22057804a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..980c4a9aa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..42c0c4b6f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..efb989ee3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <!-- No meta: Referrer policy delivered via HTTP headers. -->
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..15120a2dc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..dea4a85cf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c46cbb6a1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e89ee7f89
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..875901b25
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..82858ef62
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..775bf93fa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..41560ae8c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..03073d50e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5a1e1ccc6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..5dab67170
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..50447b968
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e4d2e2c77
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..374f5c0ea
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f02d54bd7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..71778ee0c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..6f34ef157
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ebd930f69
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..18e6eb2b4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..fc44e3e25
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5c8822601
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ebf71f175
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..bf6262f26
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f591cbef0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ba2d54d62
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..e8b0aa9e8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a34ce0378
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6482686b5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..2610bb065
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..740895b80
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..681dab44c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..d72aeb785
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..77c3c68a7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e5592cd08
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..a87451fbd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..631e1477c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0cbf66fed
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..43dc43d04
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7fe2baacf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e1db3d1e5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..404392c8e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..18cd15910
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..34c729544
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..6386f26a9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e9ffeeba0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d3cc95adf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..dbd4183bd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6e07cfb09
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8c54512a9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..07e669ccf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ec2e9c647
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..da52ddcc8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..38e401993
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3ae164bf1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..759728b00
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..7b73c8ded
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..379763fc3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..90417e90e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..a4e1bee0d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4780d0d49
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+ <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+ <meta name="referrer" content="unsafe-url">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": "unsafe-url",
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..bcd0a811b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..55346939f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e377fc377
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2b2c1b287
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..e4d5cd7dc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2361a04f5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8d6e5f548
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..5fd5bf661
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fb46a40ab
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5d37c9fa6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..efd914320
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..619865941
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..7c8e98fa3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..e67e90c80
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..18667759e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b47279c1c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..997bbf49e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9472829ba
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..cb9ff640e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..8f9818814
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8c134e9c3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..7eb825062
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..35e905c39
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..871679a6e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/attr-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the attr-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "attr-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0665510a6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..a93c94af5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6665a2f35
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b380ce0c9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..1894667f0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..033feffcc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1f6b62841
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..88a3e42a5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..69d835c3d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ffa234c29
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..f92abf01b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..953805774
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b6191fed6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..635ec9d82
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..00848d660
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..00cacb906
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..68b8f69e5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9390b64fd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1c12c9ca2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..a76c98066
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..dd1c82dc6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..307c76211
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..30530e663
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d6e1c283c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..19666416a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..f05d225d8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..efa96f50f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ecc377c68
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c5b47ed3b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f8b744f61
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..36757f5dc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c75ea8d74
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e765d8200
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5d2c1268c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..07850f1d2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..bea31157f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b1e6128a3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..187644769
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..621aaf86a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2c16b549a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..2c66e693d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e6c6432c0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ec52992fd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c0aef90b3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..76e883fce
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d719b5135
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..21b899d88
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e83e55ecc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..fdf3cf38c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..ff768ca62
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b36050b5e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..943ec5cf3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..44cf0ddec
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..9df29013d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5b392fb53
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..7d6be6e4d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..29c554a2f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2f60784c0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..179877264
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..de46596f9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the http-rp
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "http-rp",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4ee0c81a5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..1db8f0d99
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5b1533620
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..30dee3506
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..31b50bde1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..cea04e81a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0e6469412
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..f99e0f0ae
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..1bbcfbb06
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a35c885ec
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..7e46eee5e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3457d393c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..690b427f4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..7c1838c51
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b891494cb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..58c6f098c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..31da00276
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b4448f4da
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a9c58e69f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..71e9f32ec
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..da7331ae1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8fea31f3c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..476ddd04e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a583699ff
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6f6084587
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..88f9b2ff1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c36005af7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1b6773352
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..0003f46e3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..89749f241
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/cross-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is cross-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "cross-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..36911507e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..e8487bca9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f3a2ea727
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/fetch-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4f0899351
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..7cae21045
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..59699ea0c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/iframe-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a0e4f7aae
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..39bc55b03
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..842e32d57
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/img-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..39410f46c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..74c79e9fd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5a66ee358
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/script-tag/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..85ecb5e65
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
new file mode 100644
index 000000000..c4207cf8b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..359326b1a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/xhr-request/insecure-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an http
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8378e3f1b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..735dc7639
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ba6d9abb3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via fetch-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "fetch-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0d8231cfa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..82296dc38
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7a7c19a6d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via iframe-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "iframe-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/document.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..241ae8b80
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..57e56be55
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..98738a646
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via img-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "img-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/image.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..3e504c049
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..f48e258f0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..59e01959a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via script-tag using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "script-tag",
+ "subresource_path": "/referrer-policy/generic/subresource/script.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
new file mode 100644
index 000000000..32e8231f0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with keep-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "keep-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
new file mode 100644
index 000000000..2d391dbbd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with no-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "no-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0bd9d4a42
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+ <head>
+ <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+ <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+ <meta name="assert" content="The referrer URL is stripped-referrer when a
+ document served over http requires an https
+ sub-resource via xhr-request using the meta-referrer
+ delivery method with swap-origin-redirect and when
+ the target request is same-origin.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <!-- TODO(kristijanburnik): Minify and merge both: -->
+ <script src="/referrer-policy/generic/common.js"></script>
+ <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+ </head>
+ <body>
+ <script>
+ ReferrerPolicyTestCase(
+ {
+ "referrer_policy": null,
+ "delivery_method": "meta-referrer",
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "subresource": "xhr-request",
+ "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+ "referrer_url": "stripped-referrer"
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>