diff options
Diffstat (limited to 'testing/web-platform/tests/referrer-policy/unsafe-url/http-rp')
120 files changed, 2580 insertions, 0 deletions
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..53ab93a35 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..ae0a512ba --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..1360c04c3 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..e608f52cb --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..e8b105995 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..0755eaf96 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..6c873e8f0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..e9d9d2469 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..78b871570 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..a38b20f17 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..a7fd03c43 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..06b2b252f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..49c3ec58e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..163b8c8a0 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..c28550135 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..608035538 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..046b25859 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..59bf756b8 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..eee0a3f8b --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..57f1a9d04 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..fdb7033c4 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..7168479ac --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..5689889eb --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..678d95524 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..73cabcfd9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..fccf29967 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..174c0feac --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..832ceb02e --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..4ce779935 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..664cb7e3d --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is cross-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "cross-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..2ce45af4c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..038a0b2dd --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..78b340afe --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..12446ba14 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..70a115d87 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..7a083ea6c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..12871fac6 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..abd803c44 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..02e9b92a2 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..435281a74 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..dbdf2d6fb --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..e1643fd37 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..89acf024f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..9f4319130 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..5e492ca91 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an http + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "http", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..54a2fc322 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html new file mode 100644 index 000000000..e6775088a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..c2bccdf77 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via fetch-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "fetch-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..79cd63640 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..4fc687f97 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..3a24da90c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via iframe-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "iframe-tag", + "subresource_path": "/referrer-policy/generic/subresource/document.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..95154a991 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..501e8ed24 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..a49c2a05c --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via img-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "img-tag", + "subresource_path": "/referrer-policy/generic/subresource/image.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..77d22e913 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html new file mode 100644 index 000000000..6ab0525a9 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..22057804a --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via script-tag using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "script-tag", + "subresource_path": "/referrer-policy/generic/subresource/script.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html new file mode 100644 index 000000000..980c4a9aa --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with keep-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "keep-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html new file mode 100644 index 000000000..42c0c4b6f --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with no-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "no-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html new file mode 100644 index 000000000..efb989ee3 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. --> +<html> + <head> + <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title> + <meta name="description" content="Check that all sub-resources get the stripped referrer URL."> + <!-- No meta: Referrer policy delivered via HTTP headers. --> + <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org"> + <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url"> + <meta name="assert" content="The referrer URL is stripped-referrer when a + document served over http requires an https + sub-resource via xhr-request using the http-rp + delivery method with swap-origin-redirect and when + the target request is same-origin."> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <!-- TODO(kristijanburnik): Minify and merge both: --> + <script src="/referrer-policy/generic/common.js"></script> + <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script> + </head> + <body> + <script> + ReferrerPolicyTestCase( + { + "referrer_policy": "unsafe-url", + "delivery_method": "http-rp", + "redirection": "swap-origin-redirect", + "origin": "same-origin", + "source_protocol": "http", + "target_protocol": "https", + "subresource": "xhr-request", + "subresource_path": "/referrer-policy/generic/subresource/xhr.py", + "referrer_url": "stripped-referrer" + }, + document.querySelector("meta[name=assert]").content, + new SanityChecker() + ).start(); + </script> + <div id="log"></div> + </body> +</html> diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers new file mode 100644 index 000000000..c67e52158 --- /dev/null +++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers @@ -0,0 +1,2 @@ +Referrer-Policy: unsafe-url +Access-Control-Allow-Origin: * |