diff options
author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
---|---|---|
committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
tree | 10027f336435511475e392454359edea8e25895d /testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin | |
parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip |
Add m-esr52 at 52.6.0
Diffstat (limited to 'testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin')
60 files changed, 1290 insertions, 0 deletions
diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html new file mode 100644 index 000000000..08135c2a8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html new file mode 100644 index 000000000..37fb15fef --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html new file mode 100644 index 000000000..3c35f0622 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/fetch-request/same-insecure.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html new file mode 100644 index 000000000..0c49b4e91 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html new file mode 100644 index 000000000..bc9303905 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html new file mode 100644 index 000000000..af7d1df7a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/iframe-tag/same-insecure.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html new file mode 100644 index 000000000..b40e40125 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html new file mode 100644 index 000000000..fe66263f7 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html new file mode 100644 index 000000000..4f5483753 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/img-tag/same-insecure.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html new file mode 100644 index 000000000..16c752ce0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html new file mode 100644 index 000000000..6acc89c80 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html new file mode 100644 index 000000000..7620c0160 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/script-tag/same-insecure.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html new file mode 100644 index 000000000..d5979d7ab --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html new file mode 100644 index 000000000..b6bedeeb0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html new file mode 100644 index 000000000..7baab77a0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/xhr-request/same-insecure.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..fa61f3528 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..316e28af9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..f08708b1e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/fetch-request/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..c922dd302 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..dbbc06464 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..cd93f802c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/iframe-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..2ce4f8c4f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..05cd14306 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..6c0eee6a9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/img-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..55f137e6d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..c13e87d45 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..ed886aa24 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/script-tag/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html new file mode 100644 index 000000000..2cf0c49c1 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html new file mode 100644 index 000000000..c06e5fa46 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html new file mode 100644 index 000000000..f29aae30d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title> + <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin"> + <meta name="assert" content="The referrer URL is origin when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "strict-origin-when-cross-origin", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "origin" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..d74467b0a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-https/xhr-request/upgrade-protocol.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: strict-origin-when-cross-origin +Access-Control-Allow-Origin: * |