summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/referrer-policy/spec.src.json
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/referrer-policy/spec.src.json')
-rw-r--r--testing/web-platform/tests/referrer-policy/spec.src.json638
1 files changed, 638 insertions, 0 deletions
diff --git a/testing/web-platform/tests/referrer-policy/spec.src.json b/testing/web-platform/tests/referrer-policy/spec.src.json
new file mode 100644
index 000000000..6d76af2f6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/spec.src.json
@@ -0,0 +1,638 @@
+{
+ "specification": [
+ {
+ "name": "unset-referrer-policy",
+ "title": "Referrer Policy is not explicitly defined",
+ "description": "Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policies",
+ "referrer_policy": null,
+ "test_expansion": [
+ {
+ "name": "insecure-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "upgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "downgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ },
+ {
+ "name": "secure-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ }
+ ]
+ },
+ {
+ "name": "no-referrer",
+ "title": "Referrer Policy is set to 'no-referrer'",
+ "description": "Check that sub-resource never gets the referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer",
+ "referrer_policy": "no-referrer",
+ "test_expansion": [
+ {
+ "name": "generic",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ }
+ ]
+ },
+ {
+ "name": "no-referrer-when-downgrade",
+ "title": "Referrer Policy is set to 'no-referrer-when-downgrade'",
+ "description": "Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade",
+ "referrer_policy": "no-referrer-when-downgrade",
+ "test_expansion": [
+ {
+ "name": "insecure-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "upgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "downgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ },
+ {
+ "name": "secure-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ }
+ ]
+ },
+ {
+ "name": "origin",
+ "title": "Referrer Policy is set to 'origin'",
+ "description": "Check that all subresources in all casses get only the origin portion of the referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin",
+ "referrer_policy": "origin",
+ "test_expansion": [
+ {
+ "name": "generic",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ }
+ ]
+ },
+ {
+ "name": "same-origin",
+ "title": "Referrer Policy is set to 'same-origin'",
+ "description": "Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin",
+ "referrer_policy": "same-origin",
+ "test_expansion": [
+ {
+ "name": "same-origin-insecure",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-origin-secure-default",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-origin-insecure",
+ "expansion": "override",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ },
+ {
+ "name": "cross-origin",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "cross-origin",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ }
+ ]
+ },
+ {
+ "name": "origin-when-cross-origin",
+ "title": "Referrer Policy is set to 'origin-when-cross-origin'",
+ "description": "Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin",
+ "referrer_policy": "origin-when-cross-origin",
+ "test_expansion": [
+ {
+ "name": "same-origin-insecure",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-origin-secure-default",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-origin-upgrade",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "same-origin-downgrade",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "same-origin-insecure",
+ "expansion": "override",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "cross-origin",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "cross-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ }
+ ]
+ },
+ {
+ "name": "strict-origin",
+ "title": "Referrer Policy is set to 'strict-origin'",
+ "description": "Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin",
+ "referrer_policy": "strict-origin",
+ "test_expansion": [
+ {
+ "name": "insecure-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "upgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "downgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ },
+ {
+ "name": "secure-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ }
+ ]
+ },
+ {
+ "name": "strict-origin-when-cross-origin",
+ "title": "Referrer Policy is set to 'strict-origin-when-cross-origin'",
+ "description": "Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin",
+ "referrer_policy": "strict-origin-when-cross-origin",
+ "test_expansion": [
+ {
+ "name": "same-insecure",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-insecure",
+ "expansion": "override",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "cross-insecure",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "cross-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "upgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "downgrade-protocol",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "http",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "omitted"
+ },
+ {
+ "name": "same-secure",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ },
+ {
+ "name": "same-secure",
+ "expansion": "override",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "swap-origin-redirect",
+ "origin": "same-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ },
+ {
+ "name": "cross-secure",
+ "expansion": "default",
+ "source_protocol": "https",
+ "target_protocol": "https",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "cross-origin",
+ "subresource": "*",
+ "referrer_url": "origin"
+ }
+ ]
+ },
+ {
+ "name": "unsafe-url",
+ "title": "Referrer Policy is set to 'unsafe-url'",
+ "description": "Check that all sub-resources get the stripped referrer URL.",
+ "specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url",
+ "referrer_policy": "unsafe-url",
+ "test_expansion": [
+ {
+ "name": "generic",
+ "expansion": "default",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "stripped-referrer"
+ }
+ ]
+ }
+ ],
+
+ "excluded_tests":[
+ {
+ "name": "cross-origin-workers",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "redirection": "*",
+ "delivery_method": "*",
+ "origin": "cross-origin",
+ "subresource": "worker-request",
+ "referrer_url": "*"
+ },
+ {
+ "name": "upgraded-protocol-workers",
+ "expansion": "*",
+ "source_protocol": "http",
+ "target_protocol": "https",
+ "delivery_method": "*",
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "worker-request",
+ "referrer_url": "*"
+ },
+ {
+ "name": "mixed-content-insecure-subresources",
+ "expansion": "*",
+ "source_protocol": "https",
+ "target_protocol": "http",
+ "delivery_method": "*",
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "*"
+ },
+ {
+ "name": "elements-not-supporting-attr-referrer",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["attr-referrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": [
+ "script-tag",
+ "xhr-request",
+ "worker-request",
+ "fetch-request"
+ ],
+ "referrer_url": "*"
+ },
+ {
+ "name": "elements-not-supporting-rel-noreferrer",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": ["rel-noreferrer"],
+ "redirection": "*",
+ "origin": "*",
+ "subresource": [
+ "iframe-tag",
+ "img-tag",
+ "script-tag",
+ "xhr-request",
+ "worker-request",
+ "fetch-request",
+ "area-tag"
+ ],
+ "referrer_url": "*"
+ },
+ {
+ "name": "area-tag",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": "*",
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "area-tag",
+ "referrer_url": "*"
+ },
+ {
+ "name": "worker-requests-with-swap-origin-redirect",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": "*",
+ "redirection": "swap-origin-redirect",
+ "origin": "*",
+ "subresource": ["worker-request"],
+ "referrer_url": "*"
+ },
+ {
+ "name": "overhead-for-redirection",
+ "expansion": "*",
+ "source_protocol": "*",
+ "target_protocol": "*",
+ "delivery_method": "*",
+ "redirection": ["keep-origin-redirect", "swap-origin-redirect"],
+ "origin": "*",
+ "subresource": ["a-tag", "area-tag"],
+ "referrer_url": "*"
+ },
+ {
+ "name": "source-https-unsupported-by-web-platform-tests-runners",
+ "expansion": "*",
+ "source_protocol": "https",
+ "target_protocol": "*",
+ "delivery_method": "*",
+ "redirection": "*",
+ "origin": "*",
+ "subresource": "*",
+ "referrer_url": "*"
+ }
+ ],
+
+ "referrer_policy_schema": [
+ null,
+ "no-referrer",
+ "no-referrer-when-downgrade",
+ "same-origin",
+ "origin",
+ "origin-when-cross-origin",
+ "strict-origin",
+ "strict-origin-when-cross-origin",
+ "unsafe-url"
+ ],
+
+ "test_expansion_schema": {
+ "expansion": [
+ "default",
+ "override"
+ ],
+
+ "delivery_method": [
+ "http-rp",
+ "meta-referrer",
+ "attr-referrer",
+ "rel-noreferrer"
+ ],
+
+ "origin": [
+ "same-origin",
+ "cross-origin"
+ ],
+
+ "source_protocol": [
+ "http",
+ "https"
+ ],
+
+ "target_protocol": [
+ "http",
+ "https"
+ ],
+
+ "redirection": [
+ "no-redirect",
+ "keep-origin-redirect",
+ "swap-origin-redirect"
+ ],
+
+ "subresource": [
+ "iframe-tag",
+ "img-tag",
+ "script-tag",
+ "a-tag",
+ "area-tag",
+ "xhr-request",
+ "worker-request",
+ "fetch-request"
+ ],
+
+ "referrer_url": [
+ "omitted",
+ "origin",
+ "stripped-referrer"
+ ]
+ },
+
+ "subresource_path": {
+ "a-tag": "/referrer-policy/generic/subresource/document.py",
+ "area-tag": "/referrer-policy/generic/subresource/document.py",
+ "fetch-request": "/referrer-policy/generic/subresource/xhr.py",
+ "iframe-tag": "/referrer-policy/generic/subresource/document.py",
+ "img-tag": "/referrer-policy/generic/subresource/image.py",
+ "script-tag": "/referrer-policy/generic/subresource/script.py",
+ "worker-request": "/referrer-policy/generic/subresource/worker.py",
+ "xhr-request": "/referrer-policy/generic/subresource/xhr.py"
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-28 15:10:21 +0000